All, This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process ( https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for DigiCert’s inclusion request (Bug # 1706228 <https://bugzilla.mozilla.org/show_bug.cgi?id=1706228>, CCADB Case # 743 <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000743>) for the following root CA certificates:
*DigiCert TLS RSA4096 Root G5 (websites trust bit, EV)* Download – https://cacerts.digicert.com/DigiCertRSA4096RootG5.crt.pem crt.sh - https://crt.sh/?SHA256=371A00DC0533B3721A7EEB40E8419E70799D2B0A0F2C1D80693165F7CEC4AD75 *DigiCert TLS ECC P384 Root G5 (websites trust bit, EV)* Download – https://cacerts.digicert.com/DigiCertECCP384RootG5.crt.pem crt.sh – https://crt.sh/?SHA256=018E13F0772532CF809BD1B17281867283FC48C6E13BE9C69812854A490C1B05 *DigiCert SMIME RSA4096 Root G5 (email trust bit)* Download – https://cacerts.digicert.com/DigiCertSMIMERSA4096RootG5.crt.pem crt.sh - https://crt.sh/?SHA256=90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A *DigiCert SMIME ECC P384 Root G5 (email trust bit)* Download – https://cacerts.digicert.com/DigiCertSMIMEECCP384RootG5.crt.pem crt.sh - https://crt.sh/?SHA256=E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B Mozilla is considering approving DigiCert’s request to add these four (4) roots as trust anchors with the trust bits and EV-enabled as indicated above. *Repository:* The DigiCert document repository is located here: https://www.digicert.com/legal-repository *Relevant Policy and Practices Documentation: * Certificate Policy, v. 5.9, dated January 21, 2022 https://www.digicert.com/content/dam/digicert/pdfs/legal/digicert-cp-v5-9.pdf Certification Practices Statement, v. 5.9, dated January 21, 2022 https://www.digicert.com/content/dam/digicert/pdfs/legal/digicert-cps-v5-9.pdf *Self-Assessments and Mozilla CPS Reviews* are located as attachments in Bug # 1706228 <https://bugzilla.mozilla.org/show_bug.cgi?id=1706228>: Mozilla Review of DigiCert CP/CPS and Compliance Self-Assessment <https://bugzilla.mozilla.org/attachment.cgi?id=9252944> (xls) DigiCert Replies to CP/CPS Review and Compliance Self-Assessment <https://bugzilla.mozilla.org/attachment.cgi?id=9261770> (xls) *Audits:* Annual audits have been performed by BDO. The most recent audits were completed for the period ending September 30, 2021. See https://www.digicert.com/webtrust-audits. *Incidents* DigiCert has no open incidents in Bugzilla. In the past year, there have been five incidents involving DigiCert, which are now closed satisfactorily: 1727963 <https://bugzilla.mozilla.org/show_bug.cgi?id=1727963> DigiCert: Truncation of Registration Number <https://bugzilla.mozilla.org/show_bug.cgi?id=1727963> 1744795 <https://bugzilla.mozilla.org/show_bug.cgi?id=1744795> DigiCert: Issuance of certs with weak keys (ROCA) <https://bugzilla.mozilla.org/show_bug.cgi?id=1744795> 1710444 <https://bugzilla.mozilla.org/show_bug.cgi?id=1710444> DigiCert: Invalid stateOrProvinceName <https://bugzilla.mozilla.org/show_bug.cgi?id=1710444> 1710856 <https://bugzilla.mozilla.org/show_bug.cgi?id=1710856> DigiCert: Invalid localityName <https://bugzilla.mozilla.org/show_bug.cgi?id=1710856> 1714439 <https://bugzilla.mozilla.org/show_bug.cgi?id=1714439> DigiCert: Incorrect RegNumber-Org Type combination <https://bugzilla.mozilla.org/show_bug.cgi?id=1714439> I have no further questions or concerns about DigiCert’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of DigiCert must promptly respond directly in the discussion thread to all questions that are posted. This email begins the 3-week comment period, which I’m scheduling to close on or about March 31, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Sincerely yours, Ben Wilson Mozilla Root Program Manager -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYXwMGTf4kxr7KhWr5fWd-aiJss4S0rjOz6F4-3wfFGEA%40mail.gmail.com.
