On Wednesday, October 21, 2015, 22:43:15 (UTC+2), Charles Reiss wrote:
> On 10/21/15 19:17, Kathleen Wilson wrote:
> >
> What are the apparent subCAs with CNs 'AC FNMT Usuarios'
> [https://crt.sh/?caid=6664 ] and 'ISA CA' [https://crt.sh/?caid=947 (example
> EE cert: https://crt.sh/?id=8983568 )]?

"AC FNMT Usuarios" is the subCA that issues qualified certificates exclusively for natural persons (Spanish citizens). This subCA started operations in February 2015.

Regarding "ISA CA", the European Commission awarded the FNMT-RCM Company a contract for PKI services within the scope of European Public Administration (ISA Program). This subCA issues certificates exclusively within that scope and only for the specified EU Institutions entitled by the European Commission to request ISA SSL certificates.

All of the active server certificates have been issued for domains under:

- testa.eu for STESTA net. (STESTA is the European Community's own private network, composed of the EuroDomain backbone and Local Domain networks. The EuroDomain is totally isolated from the public Internet. This guarantees restricted access as only administrations may access the EuroDomain. Security is also enhanced by the implementation of IPSEC technology to prevent eavesdropping and advanced encryption mechanisms.)
- europa.eu which holds internal services of EU public administrations.

Both europa.eu and testa.eu are domains that are the property of the European Commission itself, as you can verify at http://www.eurid.eu.

The server certificate that you refer to (https://crt.sh/?id=8983568) is the only exception. "ec.fnmt.es" is a domain that is the property of FNMT-RCM and just holds the portal for accessing ISA CA products and services.

The reasons why these subCAs don't figure in the request are:

- "AC FNMT Usuarios" doesn't issue server certificates
- ISA CA server certificates are issued exclusively to a very restricted (almost private) environment

