On 1/13/16 12:27 PM, Kathleen Wilson wrote:
On 12/9/15 4:09 PM, Kathleen Wilson wrote:
This request is to turn on the Email trust bit for the "Actalis
Authentication Root CA" root certificate that was included via Bugzilla
Bug #520557, and enabled for EV via Bugzilla Bug #957548.
Actalis CA has a wide number of customers, mainly banks and local
government. Actalis is a Qualified certification service provider
according to the EU Signature Directive (Directive 1999/93/EC).
The request is documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1176188
And in the pending certificates list:
https://wiki.mozilla.org/CA:PendingCAs
Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=8646022
Noteworthy points:
* The primary documents are the CP for Email Certs and the CPS for SSL
and Code Signing Certs; provided in Italian and English.
CA Document Repository: http://www.actalis.it/area-download.aspx
CP for Email Certs (English):
https://www.actalis.it/documenti-it/caact-free-s-mime-certificates-policy.aspx
CPS for SSL and Code Signing Certs (English):
https://www.actalis.it/documenti-en/cps-for-ssl-server-and-code-signing.pdf
* CA Hierarchy: This root issues internally-operated subordinate CAs.
CPS section 1.3.1:
** The Root CA is used for issuing Sub CA certificates and related CRLs
only, and is kept off-line when not in use, whereas end-entity
certificates are issued by Sub CAs.
** Within the framework of the service described in this document, both
CA roles (Root CA and Sub CA) are played by Actalis
* This request is to enable the email trust bit. This root certificate
currently has the Websites and Code Signing trust bits enabled. This
root certificate is also currently enabled for EV treatment.
Does anyone need more time to review this request from Actalis to turn
on the Email trust bit for the currently-included "Actalis
Authentication Root CA" root certificate?
If not, and no one has any questions/concerns about this request, then I
will close this discussion and recommend approval in the bug.
This discussion about enabling the Email trust bit for the
already-included "Actalis Authentication Root CA" root certificate was
started on December 9, and no questions or concerns have been raised.
Therefore, I am closing this discussion and will recommend approval in
the bug.
https://bugzilla.mozilla.org/show_bug.cgi?id=1176188
Any further follow-up on this request should be added directly to the bug.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
