Re: Public Discussion of D-Trust CA Inclusion Request

2023-12-19 Thread Ben Wilson 
All,

On November 3, 2023, we began a six-week, public discussion[1] on the
following root CA certificates issued by D-Trust:

   1.

   D-Trust SBR Root CA 1 2022:
   -

  384-bit ECC
  -

  Certificate download links: (CA Repository
  ,
  crt.sh
  

  )
  -

  Use cases served/EKUs:
  -

 Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
 -

 Client Authentication 1.3.6.1.5.5.7.3.2
 -

 Document Signing AATL 1.2.840.113583.1.1.5
 -

 Document Signing MS 1.3.6.1.4.1.311.10.3.12



   1.

   D-Trust SBR Root CA 2 2022:
   -

  4096-bit RSA
  -

  Certificate download links: (CA Repository
  ,
  crt.sh
  

  )
  -

  Use cases served/EKUs:
  -

 Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
 -

 Client Authentication 1.3.6.1.5.5.7.3.2
 -

 Document Signing AATL 1.2.840.113583.1.1.5
 -

 Document Signing MS 1.3.6.1.4.1.311.10.3.12

The public discussion period ended last Friday, December 15, 2023.

We did not receive any objections or other questions or comments in
opposition to D-Trust’s request. We thank the community for its review and
consideration during this period. Root Store Programs will make final
inclusion decisions independently, on their own timelines, and based on
each Root Store Member’s inclusion criteria. Further discussion may take
place in the independently managed Root Store community forums (e.g. MDSP).

Thanks,

Ben Wilson

On behalf of the CCADB Steering Committee
[1]
https://groups.google.com/a/ccadb.org/g/public/c/EPVczE_6oCc/m/s90nO9-EBAAJ

On Fri, Dec 8, 2023 at 10:52 AM Ben Wilson  wrote:

> Greetings,
>
> This is a reminder that the public discussion period on the inclusion
> application of D-Trust will close next Friday, December 15, 2023.
>
> Thank you,
> Ben Wilson, on behalf of the CCADB Steering Committee
>
> On Mon, Nov 6, 2023 at 10:02 AM Ben Wilson  wrote:
>
>> All,
>>
>> Regarding the D-Trust Certification Practice Statement—instead of
>> referencing the D-Trust Root PKI CPS, it should have referenced the CPS of
>> the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 (
>> https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19
>> July 2023, the CSM PKI CPS applies to certificates with policy levels
>> QEVCP-w, QNCP-w, EVCP, OVCP and LCP).
>>
>> Also, it didn’t mention the following Bugzilla bugs opened in the past 24
>> months:
>>
>> 1756122 
>>
>> D-TRUST: Wrong key usage (Key Agreement)
>> 
>>
>> RESOLVED
>>
>> [dv-misissuance]
>>
>> 1793440 
>>
>> D-TRUST: CRL not DER-encoded
>> 
>>
>> RESOLVED
>>
>> [crl-failure]
>>
>> 1861069 
>>
>> D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field
>> within subject 
>>
>> OPEN
>>
>> [dv-misissuance]
>>
>> 1862082 
>>
>> D-Trust: Delay beyond 5 days in revoking misissued certificate
>> 
>>
>> OPEN
>>
>> [leaf-revocation-delay]
>>
>>
>>
>> Ben
>>
>> On Fri, Nov 3, 2023 at 9:39 AM Ben Wilson  wrote:
>>
>>> All,
>>>
>>> This email commences a six-week public discussion of D-Trust’s request
>>> to include the following CA certificates as publicly trusted root
>>> certificates in one or more CCADB Root Store Member’s program. This
>>> discussion period is scheduled to close on December 15, 2023.
>>>
>>> The purpose of this public discussion process is to promote openness and
>>> transparency. However, each Root Store makes its inclusion decisions
>>> independently, on its own timelines, and based on its own inclusion
>>> criteria. Successful completion of this public discussion process does not
>>> guarantee any favorable action by any root store.
>>>
>>> Anyone with concerns or questions is urged to raise them on this CCADB
>>> Public list by replying directly in this discussion thread. Likewise, a
>>> representative of the applicant must promptly respond directly in the
>>> discussion thread to all questions that are posted.
>>>
>>> CCADB Case Numbers:   # 1000
>>> 
>>> and # 1001
>>> 
>>>
>>> Organization Background Information

Re: CCADB Update: Upcoming Addition of Network Security and S/MIME Audits in the CCADB

2023-12-19 Thread Ben Wilson 
Greetings,
The previously mentioned updates to the CCADB have been made. Please let us
know if you have any questions.
Thanks,
Ben

On Wed, Dec 13, 2023 at 3:29 PM 'Hannah Sokol' via CCADB Public <
public@ccadb.org> wrote:

> All,
>
>
>
> On Thursday, December 14, 2023, we will be updating the CCADB to introduce
> the ability to upload Network Security and S/MIME audit statements to the
> AUDITS tab for ‘Add/Update Root Request' cases.
>
>
>
> CA Owners should not be impacted during this update.
>
>
>
> This new functionality should enable CA Owners to:
>
>
>
> + Add Network Security and S/MIME Audit Statements to Root CA root records
> using the AUDITS tab of an 'Add/Update Root Request' case.
>
> + Add Network Security and S/MIME Audit Statements to Subordinate CA
> records in the same manner as done today with other types of Audit
> Statements.
>
> + Archive Network Security and S/MIME Audit Statements.
>
>
>
> We will also have a new “All Cert Information v2” csv report hosted in
> parallel with the existing report, accessible from
> https://www.ccadb.org/resources. This new report will include data on
> S/MIME and Network Security audits. (Version 1 of the report will
> eventually be discontinued.)
>
>
>
> We will send a separate email on Friday, December 15th, 2023, when these
> functionalities are fully available.
>
>
>
> Thank you,
>
> - Hannah, on behalf of the CCADB Steering Committee
>
> --
> You received this message because you are subscribed to the Google Groups
> "CCADB Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to public+unsubscr...@ccadb.org.
> To view this discussion on the web visit
> https://groups.google.com/a/ccadb.org/d/msgid/public/MW4PR00MB1028130539F41B38D7E716989B8DA%40MW4PR00MB1028.namprd00.prod.outlook.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to public+unsubscr...@ccadb.org.
To view this discussion on the web visit 
https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtabcRVVcwTtepFY-0RMrRRnfTBnavfAOL%3Dp%2BquoPn0c7uQ%40mail.gmail.com.