Thanks, Ben."Part of Telia Company AB" shows their ownership relationship, the question is about their roles under this Root inclusion request.If Telia Company AB operates this CA, what functions they have delegated to Telia Finland Oyj (and possibly to other "parts of Telia Company AB" in other countries)?Thanks,M.D.Sent from my Galaxy -------- Original message --------From: Ben Wilson <[email protected]> Date: 12/6/21 20:12 (GMT+02:00) To: md <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: Public Discussion: Inclusion of Telia Root CA v2 The CCADB record says, "Telia Finland Oyj, part of Telia Company AB", but I'll ask that a representative of Telia clarify this for us.
On Mon, Dec 6, 2021 at 12:32 AM md <[email protected]> wrote:Hi,as Telia Company AB (Sweden) and Telia Oy (Finland) are two separate legal persons, its not clear what is Telia?Actually the same clarification needed for all other countries listed in the Bug.Thanks,M.D.Sent from my Galaxy-------- Original message --------From: Ben Wilson <[email protected]> Date: 12/1/21 17:16 (GMT+02:00) To: "[email protected]" <[email protected]> Subject: Public Discussion: Inclusion of Telia Root CA v2 All,This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process (https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for Telia’s inclusion request for the Telia Root CA v2 (https://crt.sh/?id=1199641739). Mozilla is considering approving Telia’s request to add the root as a trust anchor with the websites and email trust bits as documented in Bugzilla #1664161 and CCADB Case #660. This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Summary This CA certificate for Telia Root CA v2 is valid from 29-Nov-2018 to 29-Nov-2043. SHA2 Certificate Hash: 242B69742FCB1E5B2ABF98898B94572187544E5B4D9911786573621F6A74B82C Root Certificate Downloads: https://support.trust.telia.com/repository/teliarootcav2_selfsigned.cer https://support.trust.telia.com/repository/teliarootcav2_selfsigned.pem CP/CPS: Effective October 14, 2021, the current CPS for the Telia Root CA v2 may be downloaded here: https://cps.trust.telia.com/Telia_Server_Certificate_CPS_v4.4.pdf (v.4.4). Repository location: https://cps.trust.telia.com/ Test Websites: Valid - https://juolukka.cover.telia.fi:10603/ Revoked - https://juolukka.cover.telia.fi:10604/ Expired - https://juolukka.cover.telia.fi:10605/ BR Self Assessment (PDF) is located here: https://support.trust.telia.com/download/CA/Telia_CA_BR_Self_Assessment.pdf Audits: Annual audits are performed by KPMG. The most recent audits were completed for the period ending March 31, 2021, according to WebTrust audit criteria. The standard WebTrust audit (in accordance with v.2.2.1) contained no adverse findings. The WebTrust Baseline Requirements audit (in accordance with v.2.4.1) was qualified based on the fact that the Telia Root CA v1 certificate did not include subject:countryName. (The Telia Root CA v2 contains a subject:countryName of “FI”.) Attachment B to the WebTrust Baseline Requirements audit report listed eight (8) Bugzilla bugs for incidents open during the 2020-2021 audit period, which are now resolved as fixed. They were as follows: Link to Bugzilla Bug Matter description https://bugzilla.mozilla.org/show_bug.cgi?id=1614311 Two CA certificates not listed in 2020 WebTrust audit report https://bugzilla.mozilla.org/show_bug.cgi?id=1612332 Ambiguity on KeyUsage with ECC public key https://bugzilla.mozilla.org/show_bug.cgi?id=1551372 One Telia certificate containing a stateOrProvinceName of “Some-State” https://bugzilla.mozilla.org/show_bug.cgi?id=1649683 Two Telia’s pre-2012 rootCA certificates aren’t fully compliant with Baseline Requirements https://bugzilla.mozilla.org/show_bug.cgi?id=1637854 AIA CA Issuer field pointing to PEM-encoded certificate https://bugzilla.mozilla.org/show_bug.cgi?id=1674536 Certificates with RSA keys where modulus is not divisible by 8 https://bugzilla.mozilla.org/show_bug.cgi?id=1565270 Subject field automatic check in CA system https://bugzilla.mozilla.org/show_bug.cgi?id=1689589 Disallowed curve (P-521) in leaf certificate Recent, open bugs/incidents are the following: Link to Bugzilla Bug Matter description https://bugzilla.mozilla.org/show_bug.cgi?id=1738207 Issued three precertificates with non-NIST EC curve https://bugzilla.mozilla.org/show_bug.cgi?id=1736020 Invalid email contact address was used for few domains https://bugzilla.mozilla.org/show_bug.cgi?id=1737808 Delayed revocation of 5 EE certificates in connection to id=1736020 I have no further questions or concerns about this inclusion request, however I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of Telia must promptly respond directly in the discussion thread to all questions that are posted. Again, this email begins a three-week public discussion period, which I’m scheduling to close on December 22, 2021. Sincerely yours, Ben Wilson Mozilla Root Program -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZZj87QS3jL7R_32JEnfPZeU4hBNBJ%2BGHWU_pUdqF%3Dbbg%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZHED3guMdvpqh6hzdEq%3DkzcRwTKMBigRyduX-VTT4AKA%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/61ae97d0.1c69fb81.1a5c0.698fSMTPIN_ADDED_MISSING%40mx.google.com.
