Hi Amir, Thanks for the wishes. I will let her know. How do you measure that it worked so far as needed? I guess if the goal is to discourage people from reporting issues, it does a great job with that.
The process worked because we have been receiving CPRs from different parties. The goal is to avoid as much spam or misdirected support cases as possible. The PDF ensures that the user is guided to send us all relevant information. Thanks, Enrico Von: Amir Omidi <[email protected]> Gesendet: Samstag, 5. Oktober 2024 18:54 An: Entschew, Enrico <[email protected]> Cc: 'Amir Omidi' via CCADB Public <[email protected]>; Sahin, Leyla (D-Trust) <[email protected]>; Ryan Dickson <[email protected]> Betreff: Re: Public Discussion of D-Trust TLS CA Inclusion Request Hope she feels better soon. Why was this correspondence still missed though? I'm glad to hear you'll improve your CPR process. How do you measure that it worked so far as needed? I guess if the goal is to discourage people from reporting issues, it does a great job with that. On Sat, Oct 5, 2024 at 12:46 Entschew, Enrico <[email protected]<mailto:[email protected]>> wrote: Hi Amir, Leyla is on sick leave. Therefore I'll take over for her. We understand that the current CPR process is not convenient but it fulfills all requirements and worked so far as needed. We are in the process of creating an improved version of the CPR process which will be introduced as a web form by the end of the year. Thanks, Enrico ________________________________ Von: 'Amir Omidi' via CCADB Public <[email protected]<mailto:[email protected]>> Gesendet: Samstag, 5. Oktober 2024 01:27 An: Sahin, Leyla (D-Trust) <[email protected]<mailto:[email protected]>> Cc: public <[email protected]<mailto:[email protected]>>; Ryan Dickson <[email protected]<mailto:[email protected]>> Betreff: Re: Public Discussion of D-Trust TLS CA Inclusion Request So, it's been definitely more than a week. Not remembering your public commitments does not inspire confidence. I think if you're having these types of mistakes this early on, root programs should not welcome you into their trust stores. On Fri, Sep 13, 2024 at 06:16 Sahin, Leyla <[email protected]<mailto:[email protected]>> wrote: Dear Amir, Thank you for your comment. We will review this and come back to you by the end of next week. Greetings, Leyla Von: 'Amir Omidi' via CCADB Public <[email protected]<mailto:[email protected]>> Gesendet: Donnerstag, 12. September 2024 16:17 An: Ryan Dickson <[email protected]<mailto:[email protected]>> Cc: public <[email protected]<mailto:[email protected]>> Betreff: Re: Public Discussion of D-Trust TLS CA Inclusion Request The CPR process ( https://www.d-trust.net/en/support/reporting-certificate-problem) seems quite annoying. Downloading and editing a PDF just to send a CPR is a bit too much. On Thu, Sep 12, 2024 at 09:15 'Ryan Dickson' via CCADB Public <[email protected]<mailto:[email protected]>> wrote: All, This email commences a six-week public discussion of D-Trust's request to include the following certificates as publicly trusted root certificates in one or more CCADB Root Store Member's program. This discussion period is scheduled to close on October 24, 2024. The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store. Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted. CCADB Case Number: 00001362<https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001362> and 00001363<https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001363> Organization Background Information (listed in the CCADB): * CA Owner Name: D-Trust * Website: https://www.d-trust.net/en * Address: Kommandantenstr. 15, Berlin, 10969, Germany<https://www.google.com/maps/search/Kommandantenstr.+15,+Berlin,+10969,+Germany?entry=gmail&source=g> * Problem Reporting Mechanisms: https://www.d-trust.net/en/support/reporting-certificate-problem * Organization Type: Government Agency * Repository URL: https://www.bundesdruckerei.de/en/Repository Certificates Requesting Inclusion: 1. D-TRUST EV Root CA 2 2023: o Certificate download links: CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_2_2023.crt> / crt.sh<https://crt.sh/?q=8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE> o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 * Client Authentication 1.3.6.1.5.5.7.3.2 o Test websites: * Valid: https://certdemo-ev-valid-rsa.tls.d-trust.net/ * Revoked: https://certdemo-ev-revoked-rsa.tls.d-trust.net/ * Expired: https://certdemo-ev-expired-rsa.tls.d-trust.net/ o Replacement notice: D-Trust has communicated intent to use this applicant root to replace D-TRUST Root Class 3 CA 2 EV 2009<https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881> in some root stores, with the replacement taking place approximately on September 1, 2026. 2. D-TRUST BR Root CA 2 2023: o Certificate download links: CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_2_2023.crt> / crt.sh<https://crt.sh/?q=0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1> o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 * Client Authentication 1.3.6.1.5.5.7.3.2 o Test websites: * Valid: https://certdemo-dv-valid-rsa.tls.d-trust.net/ * Revoked: https://certdemo-dv-revoked-rsa.tls.d-trust.net/ * Expired: https://certdemo-dv-expired-rsa.tls.d-trust.net/ o Replacement notice: D-Trust has communicated intent to use this applicant root to replace D-TRUST Root Class 3 CA 2 2009<https://crt.sh/?q=49e7a442acf0ea6287050054b52564b650e4f49e42e348d6aa38e039e957b1c1> in some root stores, with the replacement taking place approximately on September 1, 2026. Existing Publicly Trusted Root CAs from D-Trust: 1. D-TRUST BR Root CA 1 2020: o Certificate download links: (CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt> /crt.sh<https://crt.sh/?q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044>) o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 * Client Authentication 1.3.6.1.5.5.7.3.2 o Certificate corpus: here<https://search.censys.io/search?resource=certificates&q=E59AAA816009C22BFF5B25BAD37DF306F049797C1F81D85AB089E657BD8F0044%09+and+labels%3Dever-trusted> (Censys login required) o Included in: Google Chrome, Mozilla 2. D-Trust SBR Root CA 1 2022: o Certificate download links: (CA Repository<http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt> / crt.sh<https://crt.sh/?q=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2>) o Use cases served/EKUs: * Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; * Client Authentication 1.3.6.1.5.5.7.3.2; * Document Signing AATL 1.2.840.113583.1.1.5; * Document Signing MS 1.3.6.1.4.1.311.10.3.12 o Certificate corpus: N/A o Included in: Mozilla 3. D-Trust SBR Root CA 2 2022: o Certificate download links: (CA Repository<http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt> / crt.sh<https://crt.sh/?q=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC>) o Use cases served/EKUs: * Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; * Client Authentication 1.3.6.1.5.5.7.3.2; * Document Signing AATL 1.2.840.113583.1.1.5; * Document Signing MS 1.3.6.1.4.1.311.10.3.12 o Certificate corpus: N/A o Included in: Mozilla 4. D-TRUST EV Root CA 1 2020: o Certificate download links: (CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt> / crt.sh<https://crt.sh/?q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB>) o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 * Client Authentication 1.3.6.1.5.5.7.3.2 o Certificate corpus: here<https://search.censys.io/search?resource=certificates&q=08170D1AA36453901A2F959245E347DB0C8D37ABAABC56B81AA100DC958970DB+and+labels%3Dever-trusted> (Censys login required) o Included in: Google Chrome, Mozilla 5. D-TRUST Root CA 3 2013: o Certificate download links: (CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_Root_CA_3_2013.crt> / crt.sh<https://crt.sh/?q=A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457>) o Use cases served/EKUs: * Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; * Client Authentication 1.3.6.1.5.5.7.3.2; * Document Signing AATL 1.2.840.113583.1.1.5; * Document Signing MS 1.3.6.1.4.1.311.10.3.12 o Certificate corpus: N/A o Included in: Apple, Microsoft, Mozilla 6. D-TRUST Root Class 3 CA 2 2009: o Certificate download links: (CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_2009.crt> / crt.sh<https://crt.sh/?q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1>) o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; * Client Authentication 1.3.6.1.5.5.7.3.2 o Certificate corpus: here<https://search.censys.io/search?resource=certificates&q=49E7A442ACF0EA6287050054B52564B650E4F49E42E348D6AA38E039E957B1C1+and+labels%3Dever-trusted> (Censys login required) o Included in: Apple, Google Chrome, Microsoft, Mozilla 7. D-TRUST Root Class 3 CA 2 EV 2009: o Certificate download links: (CA Repository<https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_EV_2009.crt> / crt.sh<https://crt.sh/?q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881>) o Use cases served/EKUs: * Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; * Client Authentication 1.3.6.1.5.5.7.3.2 o Certificate corpus: here<https://search.censys.io/search?resource=certificates&q=EEC5496B988CE98625B934092EEC2908BED0B0F316C2D4730C84EAF1F3D34881+and+labels%3Dever-trusted> (Censys login required) o Included in: Apple, Google Chrome, Microsoft, Mozilla Relevant Policy and Practices Documentation: * CP: http://www.d-trust.net/internet/files/D-TRUST_CP.pdf * CPS: http://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf * TSPS: https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf Most Recent Self-Assessment: * https://bugzilla.mozilla.org/attachment.cgi?id=9361619 (completed 10/30/2023) Audit Statements: * Auditor: TÜViT - TÜV Informationstechnik GmbH * Audit Criteria: ETSI * Recent Audit Statement(s): o Key Generation<https://www.tuev-nord.de/fileadmin/Content/TUEV_NORD_DE/zertifizierung/Zertifikate/en/AA2023062801_D-Trust_Root_Ceremony_2023-05_PIT_V2.0.pdf> (May 9, 2023) o -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/BE1P281MB2195B5775F7F97270DAA64A786782%40BE1P281MB2195.DEUP281.PROD.OUTLOOK.COM.
