Re: Public Discussion of D-Trust CA Inclusion Request

2023-12-19 Thread Ben Wilson
All,

On November 3, 2023, we began a six-week, public discussion[1] on the
following root CA certificates issued by D-Trust:

   1. D-Trust SBR Root CA 1 2022:
      - 384-bit ECC
      - Certificate download links: (CA Repository, crt.sh)
      - Use cases served/EKUs:
        - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
        - Client Authentication 1.3.6.1.5.5.7.3.2
        - Document Signing AATL 1.2.840.113583.1.1.5
        - Document Signing MS 1.3.6.1.4.1.311.10.3.12

   2. D-Trust SBR Root CA 2 2022:
      - 4096-bit RSA
      - Certificate download links: (CA Repository, crt.sh)
      - Use cases served/EKUs:
        - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
        - Client Authentication 1.3.6.1.5.5.7.3.2
        - Document Signing AATL 1.2.840.113583.1.1.5
        - Document Signing MS 1.3.6.1.4.1.311.10.3.12

The public discussion period ended last Friday, December 15, 2023.

We did not receive any objections or other questions or comments in
opposition to D-Trust’s request. We thank the community for its review and
consideration during this period. Root Store Programs will make final
inclusion decisions independently, on their own timelines, and based on
each Root Store Member’s inclusion criteria. Further discussion may take
place in the independently managed Root Store community forums (e.g. MDSP).

Thanks,

Ben Wilson

On behalf of the CCADB Steering Committee

[1] https://groups.google.com/a/ccadb.org/g/public/c/EPVczE_6oCc/m/s90nO9-EBAAJ


Re: Public Discussion of D-Trust CA Inclusion Request

2023-12-08 Thread Ben Wilson
Greetings,

This is a reminder that the public discussion period on the inclusion
application of D-Trust will close next Friday, December 15, 2023.

Thank you,
Ben Wilson, on behalf of the CCADB Steering Committee


Re: Public Discussion of D-Trust CA Inclusion Request

2023-11-06 Thread Ben Wilson
All,

Regarding the D-Trust Certification Practice Statement—instead of
referencing the D-Trust Root PKI CPS, it should have referenced the CPS of
the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 (
https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19
July 2023, the CSM PKI CPS applies to certificates with policy levels
QEVCP-w, QNCP-w, EVCP, OVCP and LCP).

Also, it didn’t mention the following Bugzilla bugs opened in the past 24
months:

   - 1756122  D-TRUST: Wrong key usage (Key Agreement)
     RESOLVED  [dv-misissuance]

   - 1793440  D-TRUST: CRL not DER-encoded
     RESOLVED  [crl-failure]

   - 1861069  D-Trust: Issuance of 15 DV certificates containing
     ‘serialNumber’ field within subject
     OPEN  [dv-misissuance]

   - 1862082  D-Trust: Delay beyond 5 days in revoking misissued certificate
     OPEN  [leaf-revocation-delay]

Ben


Public Discussion of D-Trust CA Inclusion Request

2023-11-03 Thread Ben Wilson
All,

This email commences a six-week public discussion of D-Trust’s request to
include the following CA certificates as publicly trusted root certificates
in one or more CCADB Root Store Member’s program. This discussion period is
scheduled to close on December 15, 2023.

The purpose of this public discussion process is to promote openness and
transparency. However, each Root Store makes its inclusion decisions
independently, on its own timelines, and based on its own inclusion
criteria. Successful completion of this public discussion process does not
guarantee any favorable action by any root store.

Anyone with concerns or questions is urged to raise them on this CCADB
Public list by replying directly in this discussion thread. Likewise, a
representative of the applicant must promptly respond directly in the
discussion thread to all questions that are posted.

CCADB Case Numbers: # 1000 and # 1001

Organization Background Information (listed in CCADB):

   - CA Owner Name: D-Trust GmbH
   - Website: https://www.d-trust.net/en
   - Address: Kommandantenstr. 15, Berlin, 10969, Germany
   - Problem Reporting Mechanisms:
     - https://www.d-trust.net/en/support/reporting-certificate-problem
   - Organization Type: D-Trust GmbH is a subsidiary of the Bundesdruckerei
     Group GmbH (bdr) and is fully owned by the German State.
   - Repository URL: https://www.bundesdruckerei.de/en/Repository

Certificates Requested for Inclusion:

   1. D-Trust SBR Root CA 1 2022:
      - 384-bit ECC
      - Certificate download links: (CA Repository, crt.sh)
      - Use cases served/EKUs:
        - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
        - Client Authentication 1.3.6.1.5.5.7.3.2
        - Document Signing AATL 1.2.840.113583.1.1.5
        - Document Signing MS 1.3.6.1.4.1.311.10.3.12

   2. D-Trust SBR Root CA 2 2022:
      - 4096-bit RSA
      - Certificate download links: (CA Repository, crt.sh)
      - Use cases served/EKUs:
        - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
        - Client Authentication 1.3.6.1.5.5.7.3.2
        - Document Signing AATL 1.2.840.113583.1.1.5
        - Document Signing MS 1.3.6.1.4.1.311.10.3.12

Relevant Policy and Practices Documentation:

   - Certificate Policy - CP of D-Trust GmbH, v.5.1, valid from 28-Sept-2023
   - Trust Services Practice Statement - TSPS of D-Trust, v.1.8, valid
     from 28-Sept-2023
   - Certification Practice Statement - CPS of the D-Trust Root PKI,
     v.3.10, valid from 31-May-2023

Most Recent Self-Assessment / CPS Review:

   - D-Trust - CCADB Self Assessment (v1.2) 2023 (XLS) (2-November-2023)

Audit Statements:

   - Auditor: TÜV Informationstechnik GmbH
   - Audit Criteria:
     - ETSI EN 319 411-1, V1.3.1 (2021-05)
     - ETSI EN 319 401, V2.3.1 (2021-05)
     - Baseline Requirements, version 1.8.4
     - ETSI EN 319 403 V2.2.2 (2015-08)
     - ETSI TS 119 403-2 V1.2.4 (2020-11)
   - Date of Audit Issuance: December 16, 2022
   - For Period of Time: 2022-07-06 to 2022-10-07
   - Audit Statement(s):
     - https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121606_D-Trust_SBR_Root_CA_1_2022.pdf
     - https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121607_D-Trust_SBR_Root_CA_2_2022.pdf


Thank you,

Ben, on behalf of the CCADB Steering Committee
