Based on the record in Bugzilla Case 1551703 and the CCADB Case 417 (
https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417)
, and receiving no further comments, I have recommended approval of this
request to EV-enable the Identrust Commercial Root CA 1.  See
https://bugzilla.mozilla.org/show_bug.cgi?id=1551703#c13
<https://bugzilla.mozilla.org/show_bug.cgi?id=1551703#c13>

On Fri, Jul 31, 2020 at 10:28 AM Ben Wilson <bwil...@mozilla.com> wrote:

> Today is the close of the comment period for the Identrust EV enablement
> request. I don't believe we have received any comments, and I intend to
> recommend that this request be approved unless there are any reasons why
> the request should be denied.
> Thanks,
> Ben
>
> On Fri, Jul 10, 2020 at 4:05 PM Ben Wilson <bwil...@mozilla.com> wrote:
>
>> This is a request to EV-enable the IdenTrust Commercial Root CA 1, as
>> documented here:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1551703
>>
>> *  Summary of Information Gathered and Verified:
>>
>>
>> https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417
>>
>> *  SHA2 hash for Root CA Certificate:
>> 5D56499BE4D2E08BCFCAD08A3E38723D50503BDE706948E42F55603019E528AE
>>
>> *  Root Certificate Download URL:
>>
>> http://validation.identrust.com/roots/commercialrootca1.p7c
>>
>> *  Identrust’s BR Self Assessment is located here:
>>
>> https://bugzilla.mozilla.org/attachment.cgi?id=9153636 (Excel
>> Spreadsheet Download)
>>
>> *  CPS:
>>
>>
>> https://www.identrust.com/sites/default/files/resources/identrust_trustid_cps_v4.7.3_06.15.2020.pdf
>>
>> *  Test Website:
>>
>> https://ev-valid.identrustssl.com/
>>
>> *  EV Policy OIDs:
>>
>> 2.16.840.1.113839.0.6.9,  2.23.140.1.1
>>
>> * CRL URL:
>>
>> http://validation.identrust.com/crl/commercialrootca1.crl
>>
>> *  OCSP URL:
>>
>> http://commercial.ocsp.identrust.com
>>
>> *  Audit:
>>
>> A period of time WebTrust EV annual audit report was provided on August
>> 16, 2019, by Schellman & Company, LLC, a licensed WebTrust auditor. That
>> and other WebTrust audit reports are available from the bottom of the
>> following applicant page:
>> https://www.identrust.com/support/documents/trustid.
>>
>>
>> I’ve reviewed the CPS, BR Self Assessment, and related information for
>> this inclusion request.  Comments and concerns regarding the CPS were
>> satisfactorily addressed as noted in
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1551703.  I now recommend
>> that the IdenTrust Commercial Root CA 1 be enabled for Extended Validation
>> treatment.
>>
>>
>> This begins the 3-week comment period for this request.
>>
>>
>> I will greatly appreciate your thoughtful and constructive feedback on
>> Identrust’s request.
>>
>> Sincerely yours,
>>
>> Ben Wilson
>>
>>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to