Matthias,
Have you been able to obtain the CPS downloadable from here:
https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-1  or
here:  https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-2
?  (They both lead to the same CPS v. 1.6 document.)
Ben

On Wed, Dec 2, 2020 at 7:15 AM Matthias van de Meent via
dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On Fri, 27 Nov 2020 at 11:19, Santiago Brox via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> >
> > El jueves, 19 de noviembre de 2020 a las 0:47:03 UTC+1, Matthias van de
> Meent escribió:
> > > On Wed, 18 Nov 2020, 01:06 Ben Wilson via dev-security-policy,
> > > <dev-secur...@lists.mozilla.org> wrote:
> > > >
> > > > [...]
> > > >
> > > > *CP/CPS:*
> > > >
> > > >
> https://www.sede.fnmt.gob.es/documents/10445900/10536309/dpc_ss_english.pdf
> > > >
> > > > Current CPS is version 1.5, published 1-October-2020.
> > > >
> > > > Repository location:
> > > >
>
> https://www.sede.fnmt.gob.es/normativa/declaracion-de-practicas-de-certificacion
> > > >
> > > I'm having trouble finding the end entity certificate profiles in this
> > > CPS. According to the CPS s7.1.2, they are supposed to be available at
> > > http://www.cert.fnmt.es/dpcs/, but that redirects me to a repository
> > > [0] of which the only english-language document [1] does not contain
> > > any end entity certificate profiles, but only the root and ICA
> > > profiles in attachments. Similarly, I cannot find the CPS you linked
> > > in their repository.
> > >
> > All the relevant documentation (CPS, PDS, Terms and conditions,
> certificate profiles, and old versions of CPSs) of each CA is published in
> its corresponding channel in the website, all of them accessible from:
> >
>
> https://www.sede.fnmt.gob.es/normativa/declaracion-de-practicas-de-certificacion
>
> I'm sorry, but I'm having trouble finding a link to the latest version of
> the CPS of the to-be-included root in that repository. If you add this CPS,
> it would be useful to take Mozilla Root Store Policy section 3.3 (6) into
> account ("CAs must provide a way to clearly determine which CP and CPS
> applies to each of its root and intermediate certificates").
>
> > For AC RAIZ FNMT-RCM SERVIDORES SEGUROS we have 2 channels (one for each
> intermediate CA):
> > AC SERVIDORES SEGUROS TIPO 1:
> > https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-1
> > and
> > AC SERVIDORES SEGUROS TIPO 2:
> > https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-2
> >
> > In regards the certificate profiles, we have included in CPS v1.6 section
> 7.1.2. direct links to the published documents of profiles.
> >
> > The document describing the profiles of the Website authentication
> certificates, including all extensions, are published at
> > AC SERVIDORES SEGUROS TIPO 1:
> >
>
> https://www.sede.fnmt.gob.es/documents/10445900/10575386/Perfiles_certificados_servidores_seguros_tipo1.pdf
> > AC SERVIDORES SEGUROS TIPO 2:
> >
>
> https://www.sede.fnmt.gob.es/documents/10445900/10575386/Perfiles_certificados_servidores_seguros_tipo2.pdf
> >
>
> Thank you for the links, I probably overlooked them before.
>
> > > I noticed that the CPS defers a great amount of sections (section 5,
> > > 6.2, 6.4, 8.2 - 8.7 and large parts of section 9) to the DGPC, which
> > > probably is [1] but that is never explicitly confirmed in the CPS -
> > > there is no explicit link to any repository in section 1.6.1 where the
> > > acronym is defined, nor are there any other indications that this DGPC
> > > is located in the repository under the link of [0]. This is confusing,
> > > and detrimental to the readability of the document.
> > >
> > CPS new version (v1.6) integrates all the sections that were referred to
> in the DGPC (v5.8) and which applied in general to all our CAs. From
> version 1.6 our CPS collects in a single document all the information and
> BRs compliance commitments for our AC RAIZ FNMT-RCM SERVIDORES SEGUROS
> > [...]
> > I hope that we have been able to resolve all the issues raised with this
> new version of the CPS (1.6) and have gained in transparency.
> > Thanks
> > Santiago.
>
> Thanks for the update, it sounds promising. I'll check it again once I can
> find the CPS in the repository.
>
> Regards,
>
> Matthias
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to