Just realized that I’ve sent a previous message using a Google Groups web form, and it’s most probably been filtered by everyone’s spam filters.
> On 1 Aug 2025, at 19:41, Ivan <[email protected]> wrote:
>
> Hi Ben,
>
> Thanks for your response.
>
> My mistake, that was a proposal to add such a clause, not to remove one.
>
> The CA is certum.pl (by Asseco). The original correspondence from 2023
> contained a lot of my personal data to prove that I am a resident of Poland
> and ended with this:
>
> > After analyzing the received documents and in accordance with our
> > information on the CERTUM website about the suspension of issuing qualified
> > and unqualified certificates for companies, organizations and citizens from
> > the Russian Federation and the Republic of Belarus, we cannot process your
> > order for a Certum S/MIME Individual certificate.
> > The submitted residence card entitles you to access to the labor market; if
> > you are employed in a Polish company, we can offer you a Certum S/MIME
> > Sponsor certificate.
> > Please read our offer and required documents for Certum S/Mime Sponsor.
>
> This email was signed by subject=C=PL, ST=pomorskie, L=Gdańsk, O=Asseco Data
> Systems S.A., CN=Registration Authority, [email protected]
> issuer=C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority,
> CN=Certum Digital Identification CA SHA2
>
> A month ago, I contacted them again to ask if their policy had changed, but
> they just responded that they do not issue code signing, S/MIME or SSL
> certificates for citizens of Russia and Belarus (most probably referring to
> this:
> https://www.certum.eu/en/news/change-in-the-rules-of-providing-trust-services-and-their-sale-on-the-territory-of-the-russian-federation-and-the-republic-of-belarus/)
>
> Thanks,
> Ivan
>
> On Friday, 1 August 2025 at 19:05:57 UTC+2 Ben Wilson wrote:
> Hi Ivan,
> Thank you for your message.
> As far as I am aware, the Mozilla Root Store Policy (MRSP) did not previously
> include an explicit “non-discrimination” clause, so nothing has been removed
> in that regard. However, item 6 in section 2.1 of the MRSP continues to
> require that CAs operate according to published criteria that we deem
> acceptable.
> While we don’t directly control the actions of CAs, we do evaluate their
> practices to ensure they align with Mozilla’s values and expectations for
> fairness and trustworthiness. If you're willing to share the name of the CA
> and any relevant correspondence, we can take a closer look at the
> circumstances and assess whether further follow-up is appropriate.
> Best regards,
> Ben Wilson
> Mozilla Root Program
>
> On Fri, Aug 1, 2025 at 10:17 AM 'Ivan' via [email protected]
> <[email protected]> wrote:
> Hello,
> I am writing to seek clarification on the interpretation of the Mozilla Root
> Store Policy.
>
> In reviewing the latest version, I noted that the explicit
> "Non-discrimination" clause, present in previous versions, has been removed.
> This change raises a question about the current standards for CA conduct
> under the policy. Specifically, this relates to Section 2.1, CA Operations,
> which requires CAs to operate under "published criteria that we deem
> acceptable".
>
> To provide a concrete example, a Mozilla-trusted CA based in Poland recently
> denied my application for a standard S/MIME certificate. The sole reason
> provided for this refusal was my Belarusian nationality. This action was
> taken despite my status as a long-term legal resident of Poland.
> For clarity, I am not on any sanctions list, and the CA has no legal
> obligation to deny service on this basis.
>
> Given the absence of the specific non-discrimination clause, my question is:
> How does Mozilla now assess the "acceptability" of a CA's operational
> criteria when it results in a categorical denial of service based on
> nationality, particularly when no legal requirements compel such a decision?
>
> Thank you for your time and clarification.
>
> --
> You received this message because you are subscribed to the Google Groups
> "[email protected]" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b744c853-ffcf-4b2d-9914-3386f51e8fb5n%40mozilla.org.
