On 10/1/13 10:53 AM, Kathleen Wilson wrote:
T-Systems has applied to include the “T-TeleSec GlobalRoot Class 2” root
certificate, and turn on the Websites and Email trust bits. This SHA-256
root will eventually replace the “Deutsche Telekom Root CA 2” root
certificate that was included via Bugzilla Bug #378882.
Thank you to those of you who have reviewed and commented on this request.
It was noted that the subCA DFN operates hundreds of subordinate CAs.
They are operated in-house by DFN, as described in policy documentation
and they are audited annually by TUVIT according to the ETSI 102 042
criteria.
A question was raised about multi-factor authentication.
According to the ServerPass and Shared Business CA CPS section 6.5.1.1,
Workplaces for certificate issuance are restricted by multi factor
authentication.
It was noted that within the DFN hierarchy allowable domains are
whitelisted, and the process to add a new domain involves direct contact
with DFN-CA and demonstration of administrative control over the domain,
especially in terms of WHOIS (must point to your affiliation).
If there are no further comments on this request, I will close this
discussion and recommend approval in the bug.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
