On February 4, 2021, the public discussion period [Step 4 of the Mozilla Root Store CA Application Process <https://wiki.mozilla.org/CA/Application_Process>] began on e-commerce monitoring’s inclusion request.
No questions or concerns have been raised and there are no open action items for e-commerce monitoring to complete under Steps 5-8 of the application process. This is notice that I am closing the public discussion period [Step 9] and that it is Mozilla’s intent to approve e-commerce monitoring’s request for inclusion [Step 10]. This begins a 7-day “last call” period for any final objections. Thanks, Ben On Mon, Feb 22, 2021 at 1:51 PM Ben Wilson <bwil...@mozilla.com> wrote: > Just a reminder that discussion is ongoing and scheduled to close this > Friday, 26-Feb-2021. > > On Thu, Feb 4, 2021 at 4:39 PM Ben Wilson <bwil...@mozilla.com> wrote: > >> This is to announce the beginning of the public discussion phase ( >> https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps >> 4 through 9)) of the Mozilla root CA inclusion process for e-commerce >> monitoring GmbH’s GLOBALTRUST 2020 Root CA. >> >> e-commerce monitoring operates as "GlobalTrust", which was previously >> operated by Austrian Society for Data Protection - Arge Daten. According >> to the Applicant, Arge-Daten was the owner of the older "GlobalTrust" >> roots, which are not part of this application. This application has been >> tracked in the CCADB and in Bugzilla - >> https://bugzilla.mozilla.org/show_bug.cgi?id=1627552. >> >> e-commerce monitoring’s GLOBALTRUST 2020 Root is proposed for inclusion >> with the websites trust bit (with EV) and the email trust bit. >> >> Mozilla is considering approving e-commerce monitoring’s request. This >> email begins the 3-week comment period, after which, if no concerns are >> raised, we will close the discussion and the request may proceed to the >> approval phase (Step 10). >> >> *A Summary of Information Gathered and Verified appears here in this >> CCADB case:* >> >> >> https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000568 >> >> *Root Certificate Information:* >> >> GLOBALTRUST 2020 Root >> >> crt.sh - >> https://crt.sh/?q=9A296A5182D1D451A2E37F439B74DAAFA267523329F90F9A0D2007C334E23C9A >> >> >> Download - http://service.globaltrust.eu/static/globaltrust-2020.crt >> >> >> *CP/CPS:* >> >> Current CP is Version 2.0h / 15th January 2021 >> >> http://service.globaltrust.eu/static/globaltrust-certificate-policy.pdf >> >> Current CPS is Version 2.0h / 15th January 2021 >> >> >> http://service.globaltrust.eu/static/globaltrust-certificate-practice-statement.pdf >> >> Repository location: https://globaltrust.eu/certificate-policy/ >> >> *BR Self-Assessment* (PDF) is located here: >> >> https://bugzilla.mozilla.org/attachment.cgi?id=9138392 >> >> >> *Audits:* >> >> 2020 audits are attached to Bug # 1627552 >> <https://bugzilla.mozilla.org/show_bug.cgi?id=1627552> and include the >> Key Generation Report, the EV Readiness Audit, and the ETSI Audit >> Attestation, which covered the period from 06/11/2019 until 04/01/2020. The >> next audit is due 04/01/2021. >> >> No misissuances were found under this root, and all subordinate >> certificates passed technical tests satisfactorily. >> >> Again, this email begins a three-week public discussion period, which I’m >> scheduling to close on or about 26-February-2021. >> >> Sincerely yours, >> >> Ben Wilson >> >> Mozilla Root Program >> > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
