So, it’s been definitely more than a week. Not remembering your public commitments does not inspire confidence. I think if you’re having these types of mistakes this early on, root programs should not welcome you into their trust stores.
On Fri, Sep 13, 2024 at 06:16 Sahin, Leyla <[email protected]> wrote: > Dear Amir, > > > > Thank you for your comment. We will review this and come back to you by > the end of next week. > > > > Greetings, > > Leyla > > > > *Von:* 'Amir Omidi' via CCADB Public <[email protected]> > *Gesendet:* Donnerstag, 12. September 2024 16:17 > *An:* Ryan Dickson <[email protected]> > *Cc:* public <[email protected]> > *Betreff:* Re: Public Discussion of D-Trust TLS CA Inclusion Request > > > > The CPR process ( > > https://www.d-trust.net/en/support/reporting-certificate-problem) seems > quite annoying. Downloading and editing a PDF just to send a CPR is a bit > too much. > > > > On Thu, Sep 12, 2024 at 09:15 'Ryan Dickson' via CCADB Public < > [email protected]> wrote: > > All, > > > > This email commences a six-week public discussion of D-Trust’s request to > include the following certificates as publicly trusted root certificates in > one or more CCADB Root Store Member’s program. This discussion period is > scheduled to close on October 24, 2024. > > > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any root store. > > > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > *CCADB Case Number: *00001362 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001362> > and 00001363 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001363> > > *Organization Background Information (listed in the CCADB):* > > · *CA Owner Name:* D-Trust > > · *Website: *https://www.d-trust.net/en > > · *Address: *Kommandantenstr. 15, Berlin, 10969, Germany > <https://www.google.com/maps/search/Kommandantenstr.+15,+Berlin,+10969,+Germany?entry=gmail&source=g> > > · *Problem Reporting Mechanisms: * > https://www.d-trust.net/en/support/reporting-certificate-problem > > · *Organization Type: *Government Agency > > · *Repository URL: *https://www.bundesdruckerei.de/en/Repository > > *Certificates Requesting Inclusion:* > > > > *1. **D-TRUST EV Root CA 2 2023:* > > o *Certificate download links:* CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_2_2023.crt> / crt.sh > <https://crt.sh/?q=8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE> > > o *Use cases served/EKUs:* > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Test websites:* > > § Valid: https://certdemo-ev-valid-rsa.tls.d-trust.net/ > > § Revoked: https://certdemo-ev-revoked-rsa.tls.d-trust.net/ > > § Expired: https://certdemo-ev-expired-rsa.tls.d-trust.net/ > > o *Replacement notice:* D-Trust has communicated intent to use this > applicant root to replace D-TRUST Root Class 3 CA 2 EV 2009 > <https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881> > in some root stores, with the replacement taking place approximately on > September 1, 2026. > > > > *2. **D-TRUST BR Root CA 2 2023:* > > o *Certificate download links:* CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_2_2023.crt> / crt.sh > <https://crt.sh/?q=0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1> > > o *Use cases served/EKUs:* > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Test websites:* > > § Valid: https://certdemo-dv-valid-rsa.tls.d-trust.net/ > > § Revoked: https://certdemo-dv-revoked-rsa.tls.d-trust.net/ > > § Expired: https://certdemo-dv-expired-rsa.tls.d-trust.net/ > > o *Replacement notice:* D-Trust has communicated intent to use this > applicant root to replace D-TRUST Root Class 3 CA 2 2009 > <https://crt.sh/?q=49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1> > in some root stores, with the replacement taking place approximately on > September 1, 2026. > > > > *Existing Publicly Trusted Root CAs from D-Trust:* > > *1. **D-TRUST BR Root CA 1 2020:* > > o *Certificate download links:* (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt> /crt.sh > <https://crt.sh/?q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044> > ) > > o *Use cases served/EKUs:* > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Certificate corpus:* here > <https://search.censys.io/search?resource=certificates&q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044%09+and+labels%3Dever-trusted> > (Censys login required) > > o *Included in:* Google Chrome, Mozilla > > *2. **D-Trust SBR Root CA 1 2022:* > > o *Certificate download links:* (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt> / crt.sh > <https://crt.sh/?q=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2> > ) > > o *Use cases served/EKUs: * > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > > § Client Authentication 1.3.6.1.5.5.7.3.2; > > § Document Signing AATL 1.2.840.113583.1.1.5; > > § Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > o *Certificate corpus:* N/A > > o *Included in:* Mozilla > > *3. **D-Trust SBR Root CA 2 2022:* > > o *Certificate download links:* (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt> / crt.sh > <https://crt.sh/?q=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC> > ) > > o *Use cases served/EKUs:* > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > > § Client Authentication 1.3.6.1.5.5.7.3.2; > > § Document Signing AATL 1.2.840.113583.1.1.5; > > § Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > o *Certificate corpus:* N/A > > o *Included in: *Mozilla > > *4. **D-TRUST EV Root CA 1 2020:* > > o *Certificate download links:* (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt> / crt.sh > <https://crt.sh/?q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB> > ) > > o *Use cases served/EKUs: * > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Certificate corpus:* here > <https://search.censys.io/search?resource=certificates&q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB+and+labels%3Dever-trusted> > (Censys login required) > > o *Included in:* Google Chrome, Mozilla > > > > *5. **D-TRUST Root CA 3 2013:* > > o *Certificate download links:* (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_CA_3_2013.crt> / crt.sh > <https://crt.sh/?q=A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457> > ) > > o *Use cases served/EKUs: * > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; > > § Client Authentication 1.3.6.1.5.5.7.3.2; > > § Document Signing AATL 1.2.840.113583.1.1.5; > > § Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > o *Certificate corpus:* N/A > > o *Included in: *Apple, Microsoft, Mozilla > > > > *6. **D-TRUST Root Class 3 CA 2 2009:* > > o *Certificate download links:* (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_2009.crt> / > crt.sh > <https://crt.sh/?q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1> > ) > > o *Use cases served/EKUs: * > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Certificate corpus:* here > <https://search.censys.io/search?resource=certificates&q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1+and+labels%3Dever-trusted> > (Censys login required) > > o *Included in:* Apple, Google Chrome, Microsoft, Mozilla > > > > *7. **D-TRUST Root Class 3 CA 2 EV 2009:* > > o *Certificate download links:* (CA Repository > <https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_EV_2009.crt> / > crt.sh > <https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881> > ) > > o *Use cases served/EKUs: * > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o *Certificate corpus:* here > <https://search.censys.io/search?resource=certificates&q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881+and+labels%3Dever-trusted> > (Censys login required) > > o *Included in:* Apple, Google Chrome, Microsoft, Mozilla > > > > *Relevant Policy and Practices Documentation: * > > · *CP: *http://www.d-trust.net/internet/files/D-TRUST_CP.pdf > > · *CPS:* http://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf > > · *TSPS:* https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf > > *Most Recent Self-Assessment:* > > · https://bugzilla.mozilla.org/attachment.cgi?id=9361619 (completed > 10/30/2023) > > *Audit Statements:* > > · *Auditor:* TÜViT - TÜV Informationstechnik GmbH > > · *Audit Criteria:* ETSI > > · *Recent Audit Statement(s)*: > > o Key Generation > <https://www.tuev-nord.de/fileadmin/Content/TUEV_NORD_DE/zertifizierung/Zertifikate/en/AA2023062801_D-Trust_Root_Ceremony_2023-05_PIT_V2.0.pdf> > (May 9, 2023) > > o Standard Audit > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_Standard_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > > o TLS BR Audit > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_TLS-BR_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > > o TLS EVG Audit > <https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023121501_D-Trust-CAs_TLS-EV_Audit_V1.0.pdf> > (Period: October 8, 2022 to October 7, 2023) > > *Incident Summary (Bugzilla incidents from previous 24 months):* > > · 1682270 <https://bugzilla.mozilla.org/show_bug.cgi?id=1682270>: > D-TRUST: Private Key Disclosed by Customer as Part of CSR > > · 1691117 <https://bugzilla.mozilla.org/show_bug.cgi?id=1691117>: > D-TRUST: Certificate with RSA key where modulus is not divisible by 8 > > · 1756122 <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122>: > D-TRUST: Wrong key usage (Key Agreement) > > · 1793440 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440>: > D-TRUST: CRL not DER-encoded > > · 1861069 <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069>: > D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field > within subject > > · 1862082 <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082>: > D-Trust: Delay beyond 5 days in revoking misissued certificate > > · 1879529 <https://bugzilla.mozilla.org/show_bug.cgi?id=1879529>: > D-Trust: "unknown" OCSP response for issued certificates > > · 1884714 <https://bugzilla.mozilla.org/show_bug.cgi?id=1884714>: > D-Trust: LDAP-URL in Subscriber Certificate Authority Information Access > field > > · 1891225 <https://bugzilla.mozilla.org/show_bug.cgi?id=1891225>: > D-Trust: Issuance of 15 certificates with incorrect subject attribute order > > · 1893610 <https://bugzilla.mozilla.org/show_bug.cgi?id=1893610>: > D-Trust: Notice to affected Subscriber and person filing CPR not sent > within 24 hours > > · 1896190 <https://bugzilla.mozilla.org/show_bug.cgi?id=1896190>: > D-Trust: Issuance of an EV certificate containing a mixup of the Subject's > postalCode and localityName > > · 1913310 <https://bugzilla.mozilla.org/show_bug.cgi?id=1913310>: > D-Trust: CRL-Entries without required CRL Reason Code > > > > Thank you, > > Ryan, on behalf of the CCADB Steering Committee > > > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O-BWJreka1U2n5Xk20aEcYK8cp8-yp1jTFOfTT-ef9L1g%40mail.gmail.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O-BWJreka1U2n5Xk20aEcYK8cp8-yp1jTFOfTT-ef9L1g%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/CAOG%3DJUJEGeUJ-aooti63Tik-33Ef6%2BesoFtZkR_nHW-aRL-PSg%40mail.gmail.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/CAOG%3DJUJEGeUJ-aooti63Tik-33Ef6%2BesoFtZkR_nHW-aRL-PSg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAOG%3DJU%2BC4iyS2wFoBcj0NKuWF8DQrTXHfOQMwneLSaA%2BCYa7VQ%40mail.gmail.com.
