The CPR process ( https://www.d-trust.net/en/support/reporting-certificate-problem) seems quite annoying. Downloading and editing a PDF just to send a CPR is a bit too much.
On Thu, Sep 12, 2024 at 09:15 'Ryan Dickson' via CCADB Public < [email protected]> wrote: > All, > > This email commences a six-week public discussion of D-Trust’s request to > include the following certificates as publicly trusted root certificates in > one or more CCADB Root Store Member’s program. This discussion period is > scheduled to close on October 24, 2024. > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any root store. > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > CCADB Case Number: 00001362 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001362> > and 00001363 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001363> > > Organization Background Information (listed in the CCADB): > > - > > CA Owner Name: D-Trust > - > > Website: https://www.d-trust.net/en > - > > Address: Kommandantenstr. 15, Berlin, 10969, Germany > > <https://www.google.com/maps/search/Kommandantenstr.+15,+Berlin,+10969,+Germany?entry=gmail&source=g> > - > > Problem Reporting Mechanisms: > https://www.d-trust.net/en/support/reporting-certificate-problem > - > > Organization Type: Government Agency > - > > Repository URL: https://www.bundesdruckerei.de/en/Repository > > Certificates Requesting Inclusion: > > > 1. > > D-TRUST EV Root CA 2 2023: > > > - > > Certificate download links: CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_2_2023.crt> / > crt.sh > > <https://crt.sh/?q=8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE> > - > > Use cases served/EKUs: > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Test websites: > - > > Valid: https://certdemo-ev-valid-rsa.tls.d-trust.net/ > - > > Revoked: https://certdemo-ev-revoked-rsa.tls.d-trust.net/ > - > > Expired: https://certdemo-ev-expired-rsa.tls.d-trust.net/ > - > > Replacement notice: D-Trust has communicated intent to use this > applicant root to replace D-TRUST Root Class 3 CA 2 EV 2009 > > <https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881> > in some root stores, with the replacement taking place approximately on > September 1, 2026. > > > > 2. > > D-TRUST BR Root CA 2 2023: > - > > Certificate download links: CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_2_2023.crt> / > crt.sh > > <https://crt.sh/?q=0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1> > - > > Use cases served/EKUs: > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Test websites: > - > > Valid: https://certdemo-dv-valid-rsa.tls.d-trust.net/ > - > > Revoked: https://certdemo-dv-revoked-rsa.tls.d-trust.net/ > - > > Expired: https://certdemo-dv-expired-rsa.tls.d-trust.net/ > - > > Replacement notice: D-Trust has communicated intent to use this > applicant root to replace D-TRUST Root Class 3 CA 2 2009 > > <https://crt.sh/?q=49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1> > in some root stores, with the replacement taking place approximately on > September 1, 2026. > > > Existing Publicly Trusted Root CAs from D-Trust: > > 1. > > D-TRUST BR Root CA 1 2020: > - > > Certificate download links: (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt> / > crt.sh > > <https://crt.sh/?q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044> > ) > - > > Use cases served/EKUs: > > > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > > > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044%09+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Google Chrome, Mozilla > > > 2. > > D-Trust SBR Root CA 1 2022: > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt> / > crt.sh > > <https://crt.sh/?q=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > - > > Client Authentication 1.3.6.1.5.5.7.3.2; > - > > Document Signing AATL 1.2.840.113583.1.1.5; > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > - > > Certificate corpus: N/A > - > > Included in: Mozilla > 3. > > D-Trust SBR Root CA 2 2022: > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt> / > crt.sh > > <https://crt.sh/?q=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > - > > Client Authentication 1.3.6.1.5.5.7.3.2; > - > > Document Signing AATL 1.2.840.113583.1.1.5; > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > - > > Certificate corpus: N/A > - > > Included in: Mozilla > 4. > > D-TRUST EV Root CA 1 2020: > - > > Certificate download links: (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt> / > crt.sh > > <https://crt.sh/?q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB> > ) > - > > Use cases served/EKUs: > > > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > > > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Google Chrome, Mozilla > > > > 5. > > D-TRUST Root CA 3 2013: > - > > Certificate download links: (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_CA_3_2013.crt> / > crt.sh > > <https://crt.sh/?q=A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457> > ) > - > > Use cases served/EKUs: > > > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > - > > Client Authentication 1.3.6.1.5.5.7.3.2; > - > > Document Signing AATL 1.2.840.113583.1.1.5; > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > > - > > Certificate corpus: N/A > - > > Included in: Apple, Microsoft, Mozilla > > > > 6. > > D-TRUST Root Class 3 CA 2 2009: > - > > Certificate download links: (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_2009.crt> > / crt.sh > > <https://crt.sh/?q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1> > ) > - > > Use cases served/EKUs: > > > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > > > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Apple, Google Chrome, Microsoft, Mozilla > > > > 7. > > D-TRUST Root Class 3 CA 2 EV 2009: > - > > Certificate download links: (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_EV_2009.crt> > / crt.sh > > <https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881> > ) > - > > Use cases served/EKUs: > > > - > > Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > > > - > > Certificate corpus: here > > <https://search.censys.io/search?resource=certificates&q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881+and+labels%3Dever-trusted> > (Censys login required) > - > > Included in: Apple, Google Chrome, Microsoft, Mozilla > > > Relevant Policy and Practices Documentation: > > - > > CP: http://www.d-trust.net/internet/files/D-TRUST_CP.pdf > - > > CPS: http://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf > - > > TSPS: https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf > > Most Recent Self-Assessment: > > - > > https://bugzilla.mozilla.org/attachment.cgi?id=9361619 (completed > 10/30/2023) > > Audit Statements: > > - > > Auditor: TÜViT - TÜV Informationstechnik GmbH > - > > Audit Criteria: ETSI > - > > Recent Audit Statement(s): > - > > Key Generation > > <https://www.tuev-nord.de/fileadmin/Content/TUEV_NORD_DE/zertifizierung/Zertifikate/en/AA2023062801_D-Trust_Root_Ceremony_2023-05_PIT_V2.0.pdf> > (May 9, 2023) > - > > Standard Audit > > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_Standard_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > - > > TLS BR Audit > > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_TLS-BR_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > - > > TLS EVG Audit > > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_TLS-EV_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > > Incident Summary (Bugzilla incidents from previous 24 months): > > - > > 1682270 <https://bugzilla.mozilla.org/show_bug.cgi?id=1682270>: > D-TRUST: Private Key Disclosed by Customer as Part of CSR > - > > 1691117 <https://bugzilla.mozilla.org/show_bug.cgi?id=1691117>: > D-TRUST: Certificate with RSA key where modulus is not divisible by 8 > - > > 1756122 <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122>: > D-TRUST: Wrong key usage (Key Agreement) > - > > 1793440 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440>: > D-TRUST: CRL not DER-encoded > - > > 1861069 <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069>: > D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field > within subject > - > > 1862082 <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082>: > D-Trust: Delay beyond 5 days in revoking misissued certificate > - > > 1879529 <https://bugzilla.mozilla.org/show_bug.cgi?id=1879529>: > D-Trust: "unknown" OCSP response for issued certificates > - > > 1884714 <https://bugzilla.mozilla.org/show_bug.cgi?id=1884714>: > D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access > field > - > > 1891225 <https://bugzilla.mozilla.org/show_bug.cgi?id=1891225>: > D-Trust: Issuance of 15 certificates with incorrect subject attribute order > - > > 1893610 <https://bugzilla.mozilla.org/show_bug.cgi?id=1893610>: > D-Trust: Notice to affected Subscriber and person filing CPR not sent > within 24 hours > - > > 1896190 <https://bugzilla.mozilla.org/show_bug.cgi?id=1896190>: > D-Trust: Issuance of an EV certificate containing a mixup of the Subject's > postalCode and localityName > - > > 1913310 <https://bugzilla.mozilla.org/show_bug.cgi?id=1913310>: > D-Trust: CRL-Entries without required CRL Reason Code > > > Thank you, > > Ryan, on behalf of the CCADB Steering Committee > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O-BWJreka1U2n5Xk20aEcYK8cp8-yp1jTFOfTT-ef9L1g%40mail.gmail.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O-BWJreka1U2n5Xk20aEcYK8cp8-yp1jTFOfTT-ef9L1g%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAOG%3DJUJEGeUJ-aooti63Tik-33Ef6%2BesoFtZkR_nHW-aRL-PSg%40mail.gmail.com.
