RE: AW: Public Discussion of Deutsche Telekom Security CA Inclusion Request

['Moudrick M. Dadashov' via CCADB Public]

Thank you, Stefan.Do I understand correctly that, despite of the organisational 
structure and the relationship between the group members, this CA is fully 
managed by Deutsche Telekom Security GmbH?Thanks,M.D.Sent from my Galaxy
 Original message From: stefan.ki...@telekom.de Date: 11/2/23  
15:29  (GMT+02:00) To: public@ccadb.org Cc: trustcenter-ro...@telekom.de 
Subject: AW: Public Discussion of Deutsche Telekom Security CA Inclusion 
Request 

Hi,
 
For our answer we assume that "Deutsche Telekom AG" is meant rather than 
"Deutsche Telekom GmbH" (such a company does not exist).

The relationship is as follows:
- Deutsche Telekom AG is the Group’s parent company
- Deutsche Telekom Security GmbH is a 100% subsidiary of Deutsche Telekom AG
- T-Systems International GmbH is a 100% subsidiary of Deutsche Telekom AG
 
With regard to the publicly trusted certificates, T-Systems International GmbH 
was the owner of the Root CA certificates as well as the operator of all Sub 
CAs of the Deutsche Telekom
 Group until 2020.
With the establishment of Deutsche Telekom Security GmbH in 2020, ownership of 
the Root CAs as well as operation of the Sub CAs of the Deutsche Telekom Group 
were transferred internally
 from T-Systems International GmbH to Deutsche Telekom Security GmbH. 
As the transfer also included all employees concerned, and operations continued 
at the same physical locations under the same conditions, the change mainly 
only took place on paper,
 with the name "T-Systems International GmbH" being replaced by "Deutsche 
Telekom Security GmbH" in the relevant documents and contracts.
 
Regarding the change of the Root ownership see also
https://groups.google.com/g/mozilla.dev.security.policy/c/pOu_jWY0SVY/m/2uLyuK4TAwAJ
  
 
Greetings
 
Stefan
 


Von: public@ccadb.org 
Im Auftrag von Moudrick M. Dadashov
Gesendet: Mittwoch, 1. November 2023 19:39
An: Ryan Dickson ; public 
Betreff: RE: Public Discussion of Deutsche Telekom Security CA Inclusion Request


 

Thank you. I’m trying to understand the organisational structure of the 
applicant.


 


Could someone please introduce us the relationship between Deutsche Telekom 
GmbH, Deutsche Telekom Security GmbH and T-Systems International
 GmbH?


 


Specifically I’m interested to understand their roles within the CA operations.


 


Thanks,


M.D.


 


 



Sent from my Galaxy



 


 


 Original message 


From: 'Ryan Dickson' via CCADB Public 



Date: 11/1/23 15:08 (GMT+02:00)



To: public 



Subject: Public Discussion of Deutsche Telekom Security CA Inclusion Request



 



All,
 

This email commences a six-week public discussion of Deutsche Telekom 
Security’s request to include the following CA certificates as publicly trusted 
root certificates in one or more CCADB Root Store
 Member’s program. This discussion period is scheduled to close on December 13, 
2023.
 

The purpose of this public discussion process is to promote openness and 
transparency. However, each Root Store makes its inclusion decisions 
independently, on its own timelines, and based on its own
 inclusion criteria. Successful completion of this public discussion process 
does not guarantee any favorable action by any root store.  
 

Anyone with concerns or questions is urged to raise them on this CCADB Public 
list by replying directly in this discussion thread. Likewise, a representative 
of the applicant must promptly respond directly
 in the discussion thread to all questions that are posted.
 

CCADB Case Number: 
1269
 

Organization Background Information (listed in CCADB):

·   
CA Owner Name:Deutsche Telekom Security GmbH

·   
Website:
https://www.telesec.de/

·   
Address:
Untere Industriestrasse 20, Netphen, 57250 Germany

·   
Problem Reporting Mechanisms:
https://www.telesec.de/en/kontakt-en

·   
Organization Type:
Private Corporation

o  
Deutsche Telekom Security is a subsidiary of Deutsche Telekom AG

·   
Repository URL:
https://www.telesec.de/en/service/downloads/pki-repository/ 
 

Certificates Requesting Inclusion:

1.
Telekom Security SMIME ECC Root 2021:

o  
Certificate download links: (CA Repository,

crt.sh)

o  
Use cases served/EKUs: 

§ 
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

o  
Test websites: N/A (S/MIME CA)
 

2.
Telekom Security TLS ECC Root 2020: 

o  
Certificate download links: (CA Repository,

crt.sh)

o  
Use cases served/EKUs: 

§ 
Server Authentication 1.3.6.1.5.5.7.3.1

§ 
Client Authentication 1.3.6.1.5.5.7.3.2

o  
Test websites:

§ 
Valid:
https://active.tstlser20.test.telesec.de/ 

§ 
Revoked:https://revoked.tstlser20.test.telesec.de/

§ 
Expired:
https://expired.tstlser20.test.telesec.de/ 
 

3.
Telekom Security SMIME RSA Root 2023:

o  
Certificate download links: (CA Repository,

crt.sh)

o  
Use cases served/EKUs: 

§ 
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

§ 
Client Authentication 1.3.6.1.5.5.7.3.2

o  
Test websites: N/A (S/MIME CA)
 

4.
Tel

Public Discussion of D-Trust CA Inclusion Request

[Ben Wilson]

All,

This email commences a six-week public discussion of D-Trust’s request to
include the following CA certificates as publicly trusted root certificates
in one or more CCADB Root Store Member’s program. This discussion period is
scheduled to close on December 15, 2023.

The purpose of this public discussion process is to promote openness and
transparency. However, each Root Store makes its inclusion decisions
independently, on its own timelines, and based on its own inclusion
criteria. Successful completion of this public discussion process does not
guarantee any favorable action by any root store.

Anyone with concerns or questions is urged to raise them on this CCADB
Public list by replying directly in this discussion thread. Likewise, a
representative of the applicant must promptly respond directly in the
discussion thread to all questions that are posted.

CCADB Case Numbers:   # 1000

and # 1001


Organization Background Information (listed in CCADB):

   -

   CA Owner Name: D-Trust GmbH
   -

   Website:  https://www.d-trust.net/en
   -

   Address:  Kommandantenstr. 15, Berlin, 10969, Germany
   -

   Problem Reporting Mechanisms:
   -

  https://www.d-trust.net/en/support/reporting-certificate-problem
  -

   Organization Type: D-Trust GmbH is a subsidiary of the Bundesdruckerei
   Group GmbH (bdr) and is fully owned by the German State.
   -

   Repository URL:  https://www.bundesdruckerei.de/en/Repository

Certificates Requested for Inclusion:

   1.

   D-Trust SBR Root CA 1 2022:
   -

  384-bit ECC
  -

  Certificate download links: (CA Repository
  ,
  crt.sh
  

  )
  -

  Use cases served/EKUs:
  -

 Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
 -

 Client Authentication 1.3.6.1.5.5.7.3.2
 -

 Document Signing AATL 1.2.840.113583.1.1.5
 -

 Document Signing MS 1.3.6.1.4.1.311.10.3.12



   1.

   D-Trust SBR Root CA 2 2022:
   -

  4096-bit RSA
  -

  Certificate download links: (CA Repository
  ,
  crt.sh
  

  )
  -

  Use cases served/EKUs:
  -

 Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
 -

 Client Authentication 1.3.6.1.5.5.7.3.2
 -

 Document Signing AATL 1.2.840.113583.1.1.5
 -

 Document Signing MS 1.3.6.1.4.1.311.10.3.12

Relevant Policy and Practices Documentation:

   -

   Certificate Policy - CP of D-Trust GmbH
   , v.5.1, valid
   from 28-Sept-2023
   -

   Trust Services Practice Statement - TSPS of D-Trust
   , v.1.8, valid
   from 28-Sept-2023
   -

   Certification Practice Statement - CPS of the D-Trust Root PKI
   ,
   v.3.10, valid from 31-May-2023

Most Recent Self-Assessment / CPS Review:

   -

   D-Trust - CCADB Self Assessment (v1.2) 2023
    (XLS)
   (2-November-2023)

Audit Statements:

   -

   Auditor: TÜV Informationstechnik GmbH
   -

   Audit Criteria:
   -

  ETSI EN 319 411-1, V1.3.1 (2021-05)
  -

  ETSI EN 319 401, V2.3.1 (2021-05)
  -

  Baseline Requirements, version 1.8.4
  -

  ETSI EN 319 403 V2.2.2 (2015-08)
  -

  ETSI TS 119 403-2 V1.2.4 (2020-11)
  -

   Date of Audit Issuance: December 16, 2022
   -

   For Period of Time: 2022-07-06 to 2022-10-07
   -

   Audit Statement(s):
   -


  
https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121606_D-Trust_SBR_Root_CA_1_2022.pdf
  -


  
https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121607_D-Trust_SBR_Root_CA_2_2022.pdf


Thank you,

Ben, on behalf of the CCADB Steering Committee

-- 
You received this message because you are subscribed to the Google Groups 
"CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to public+unsubscr...@ccadb.org.
To view this discussion on the web visit 
https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaZes1TUd8UefomNVXxXMn%3DamoGjQ95226zJZUuHPPZ%2BgQ%40mail.gmail.com.