Thanks for reconfirming. I should have noted in my initial post that these three roots are just for the websites trust bit, and I am going to continue to assume that all three will be EV-enabled. Ben
On Thu, Jul 11, 2024 at 4:19 AM Mitsuyoshi Tamura < mitsuyoshi.tam...@miraclelinux.com> wrote: > Dear Ben, > > Thank you for your help. > We would like Mozilla to set the key purpose of "websites" for both CA14 > and 15. > > Best regards, > Mitsuyoshi Tamura > Cybertrust Japan > > 2024年7月10日水曜日 23:09:36 UTC+9 Ben Wilson: > >> Dear Mitsuyoshi, >> >> Thanks for your response. For purposes of Mozilla trust bits - "websites" >> and "email", could you specify at this time the key purpose for CA14 and >> CA15? >> >> Ben >> >> On Tue, Jul 9, 2024 at 8:50 PM Mitsuyoshi Tamura < >> mitsuyos...@miraclelinux.com> wrote: >> >>> Greetings, >>> We are aware of Mozilla's "Recommended Practices," that states that a >>> single-purpose root is preferred. Among three root CAs that we are >>> requesting, CA 12 has already changed to become a single-purpose root CA. >>> Regarding CA14 and 15, we will also change for single purpose before start >>> issuing certificates for subscribers. >>> >>> Best regards, >>> Mitsuyoshi Tamura >>> Cybertrust Japan >>> >>> P.S. >>> Please allow me to comment by miraclelinux.com domain that our company >>> possess. >>> >>> 2024年7月9日火曜日 6:19:08 UTC+9 Ben Wilson: >>> >>>> Hi Doug, >>>> Thanks for the question. I don't think we have set a date, but I'll >>>> continue to look into this to see if a date was ever proposed. In any >>>> event, we should open an issue in GitHub to remove this uncertainty. For >>>> Cybertrust Japan, I will need to look at the information in Bugzilla and >>>> the CCADB, but initially it appears that at least with Chrome they are only >>>> seeking inclusion of SecureSign Root CA12 for TLS. For SecureSign Root CA14 >>>> and SecureSign Root CA15, I may have missed where they might have already >>>> withdrawn one or both of them, but I'll have to read up. Sorry for the >>>> confusion. >>>> Please feel free to ask any additional follow-up questions. >>>> Thanks again, >>>> Ben >>>> >>>> On Mon, Jul 8, 2024 at 1:26 PM Doug Beattie <doug.b...@globalsign.com> >>>> wrote: >>>> >>>>> Hi Ben, >>>>> >>>>> >>>>> >>>>> The older 2 roots were well separated with one having server auth and >>>>> client auth, and the other secure mail and code signing EKS, but the new >>>>> set of 3 has Server auth in all of them along with a mix of other EKUs. >>>>> >>>>> >>>>> >>>>> When do CAs need to start providing dedicated TLS roots? >>>>> >>>>> >>>>> >>>>> Doug >>>>> >>>>> >>>>> >>>>> *From:* 'Ben Wilson' via dev-secur...@mozilla.org < >>>>> dev-secur...@mozilla.org> >>>>> *Sent:* Monday, July 8, 2024 11:47 AM >>>>> *To:* dev-secur...@mozilla.org <dev-secur...@mozilla.org> >>>>> *Subject:* Intent to Approve Cybertrust / JCSI Japan Root Inclusions >>>>> >>>>> >>>>> >>>>> All, >>>>> >>>>> >>>>> >>>>> From May 10, 2024, through June 21, 2024, a six-week public discussion >>>>> was conducted regarding the request from Cybertrust Japan / JCSI for the >>>>> inclusion of the following root certificates: >>>>> >>>>> - SecureSign Root CA12 >>>>> - SecureSign Root CA14 >>>>> - SecureSign Root CA15 >>>>> >>>>> >>>>> https://groups.google.com/a/ccadb.org/g/public/c/4OuyyOD-7ng/m/1ot5MFk4AAAJ >>>>> >>>>> There were no objections, questions, or comments in opposition to the >>>>> request. >>>>> >>>>> This email is notice that Mozilla intends to approve the inclusion of >>>>> the above-mentioned root certificates from Cybertrust Japan / JCSI. >>>>> >>>>> This begins a 7-day “last call” period for any final objections. >>>>> Should there be any further concerns, please share them within this >>>>> period. >>>>> >>>>> Thanks, >>>>> >>>>> Ben Wilson >>>>> >>>>> Mozilla Root Store Manager >>>>> >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "dev-secur...@mozilla.org" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to dev-security-po...@mozilla.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com >>>>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabsXrqsHp8nwFHRQzD%3DOUTiHOH70ZMy2GidmT3w8iTxAA%40mail.gmail.com.