Re: Enable Email trust bit for Actalis root cert

Wed, 13 Jan 2016 12:28:30 -0800 

On 12/9/15 4:09 PM, Kathleen Wilson wrote:

This request is to turn on the Email trust bit for the "Actalis
Authentication Root CA" root certificate that was included via Bugzilla
Bug #520557, and enabled for EV via Bugzilla Bug #957548.

Actalis CA has a wide number of customers, mainly banks and local
government. Actalis is a Qualified certification service provider
according to the EU Signature Directive (Directive 1999/93/EC).

The request is documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1176188

And in the pending certificates list:
https://wiki.mozilla.org/CA:PendingCAs

Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=8646022

Noteworthy points:

* The primary documents are the CP for Email Certs and the CPS for SSL
and Code Signing Certs; provided in Italian and English.

CA Document Repository: http://www.actalis.it/area-download.aspx
CP for Email Certs (English):
https://www.actalis.it/documenti-it/caact-free-s-mime-certificates-policy.aspx

CPS for SSL and Code Signing Certs (English):
https://www.actalis.it/documenti-en/cps-for-ssl-server-and-code-signing.pdf

* CA Hierarchy: This root issues internally-operated subordinate CAs.
CPS section 1.3.1:
** The Root CA is used for issuing Sub CA certificates and related CRLs
only, and is kept off-line when not in use, whereas end-entity
certificates are issued by Sub CAs.
** Within the framework of the service described in this document, both
CA roles (Root CA and Sub CA) are played by Actalis

* This request is to enable the email trust bit. This root certificate
currently has the Websites and Code Signing trust bits enabled. This
root certificate is also currently enabled for EV treatment.
Does anyone need more time to review this request from Actalis to turn on the Email trust bit for the currently-included "Actalis Authentication Root CA" root certificate?
If not, and no one has any questions/concerns about this request, then I will close this discussion and recommend approval in the bug. 

Thanks,
Kathleen



_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to