All, This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process for the ANF Secure Server Root CA. See https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps 4 through 9).
The ANF Secure Server Root CA is operated by ANF AC, a Qualified Trust Services Provider in the European Union and in operation since the late 1990s. A previous application for other root CAs was filed in 2010. See https://bugzilla.mozilla.org/show_bug.cgi?id=555156. During that process it was decided that a new root should be submitted. This current CA inclusion application has been tracked in the CCADB and in Bugzilla– https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000501 https://bugzilla.mozilla.org/show_bug.cgi?id=1585951 This new root CA certificate was signed in 2019, and it is proposed for inclusion with the websites bit and EV enabled. Mozilla is considering approving ANF’s request. This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). *Root Certificate Information:* ANF Secure Server Root CA crt.sh - https://crt.sh/?q=FB8FEC759169B9106B1E511644C618C51304373F6C0643088D8BEFFD1B997599 Download - http://www.anf.es/es/certificates-download/ANFSecureServerRootCA.cer *CP/CPS:* Current CP is Version 3.3.1 / January 8, 2021 https://anf.es/pdf/CP_SSL_Electronic_Headquarters_v3_3_1.pdf Current CPS is Version 31 / February 1, 2021 https://anf.es/pdf/Certification_Practices_Statement_v31.pdf Repository location: https://www.anf.es/en/repositorio-legal/ *ANF's 2021 BR Self-Assessment* (PDF) is located here: https://bug1585951.bmoattachments.org/attachment.cgi?id=9208014 *Audits:* The 2020 ETSI EN 319 411 audit is available here: https://www.csqa.it/getattachment/Sicurezza-ICT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETSI/CSQA-Attestation-ANF-2020_12423_V4_Signed.pdf.aspx?lang=it-IT. The audit observed that Bug 555156 <https://bugzilla.mozilla.org/show_bug.cgi?id=555156> included "Misissuance of SSL OV Test Certificate". *Incidents: * The incident reports provided by ANF indicate the misissuance of certificates under the previous CA hierarchy. See https://bug555156.bmoattachments.org/attachment.cgi?id=9100493 and https://bugzilla.mozilla.org/attachment.cgi?id=9098945. However, no misissuances have been found under the ANF Secure Server Root CA, and the issuing CA certificates passed technical tests. Thus, this email begins a three-week public discussion period, which I’m scheduling to close on or about 31-March-2021. We encourage you to participate in the review and discussion. A representative of ANF must promptly respond directly in the discussion thread to all questions that are posted. Sincerely yours, Ben Wilson Mozilla Root Store Program _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy