Matthias, Have you been able to obtain the CPS downloadable from here: https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-1 or here: https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-2 ? (They both lead to the same CPS v. 1.6 document.) Ben
On Wed, Dec 2, 2020 at 7:15 AM Matthias van de Meent via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On Fri, 27 Nov 2020 at 11:19, Santiago Brox via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > > El jueves, 19 de noviembre de 2020 a las 0:47:03 UTC+1, Matthias van de > Meent escribió: > > > On Wed, 18 Nov 2020, 01:06 Ben Wilson via dev-security-policy, > > > <dev-secur...@lists.mozilla.org> wrote: > > > > > > > > [...] > > > > > > > > *CP/CPS:* > > > > > > > > > https://www.sede.fnmt.gob.es/documents/10445900/10536309/dpc_ss_english.pdf > > > > > > > > Current CPS is version 1.5, published 1-October-2020. > > > > > > > > Repository location: > > > > > > https://www.sede.fnmt.gob.es/normativa/declaracion-de-practicas-de-certificacion > > > > > > > I'm having trouble finding the end entity certificate profiles in this > > > CPS. According to the CPS s7.1.2, they are supposed to be available at > > > http://www.cert.fnmt.es/dpcs/, but that redirects me to a repository > > > [0] of which the only english-language document [1] does not contain > > > any end entity certificate profiles, but only the root and ICA > > > profiles in attachments. Similarly, I cannot find the CPS you linked > > > in their repository. > > > > > All the relevant documentation (CPS, PDS, Terms and conditions, > certificate profiles, and old versions of CPSs) of each CA is published in > its corresponding channel in the website, all of them accessible from: > > > > https://www.sede.fnmt.gob.es/normativa/declaracion-de-practicas-de-certificacion > > I'm sorry, but I'm having trouble finding a link to the latest version of > the CPS of the to-be-included root in that repository. If you add this CPS, > it would be useful to take Mozilla Root Store Policy section 3.3 (6) into > account ("CAs must provide a way to clearly determine which CP and CPS > applies to each of its root and intermediate certificates"). > > > For AC RAIZ FNMT-RCM SERVIDORES SEGUROS we have 2 channels (one for each > intermediate CA): > > AC SERVIDORES SEGUROS TIPO 1: > > https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-1 > > and > > AC SERVIDORES SEGUROS TIPO 2: > > https://www.sede.fnmt.gob.es/en/dpcs/ac-servidores-seguros-tipo-2 > > > > In regards the certificate profiles, we have included in CPS v1.6 section > 7.1.2. direct links to the published documents of profiles. > > > > The document describing the profiles of the Website authentication > certificates, including all extensions, are published at > > AC SERVIDORES SEGUROS TIPO 1: > > > > https://www.sede.fnmt.gob.es/documents/10445900/10575386/Perfiles_certificados_servidores_seguros_tipo1.pdf > > AC SERVIDORES SEGUROS TIPO 2: > > > > https://www.sede.fnmt.gob.es/documents/10445900/10575386/Perfiles_certificados_servidores_seguros_tipo2.pdf > > > > Thank you for the links, I probably overlooked them before. > > > > I noticed that the CPS defers a great amount of sections (section 5, > > > 6.2, 6.4, 8.2 - 8.7 and large parts of section 9) to the DGPC, which > > > probably is [1] but that is never explicitly confirmed in the CPS - > > > there is no explicit link to any repository in section 1.6.1 where the > > > acronym is defined, nor are there any other indications that this DGPC > > > is located in the repository under the link of [0]. This is confusing, > > > and detrimental to the readability of the document. > > > > > CPS new version (v1.6) integrates all the sections that were referred to > in the DGPC (v5.8) and which applied in general to all our CAs. From > version 1.6 our CPS collects in a single document all the information and > BRs compliance commitments for our AC RAIZ FNMT-RCM SERVIDORES SEGUROS > > [...] > > I hope that we have been able to resolve all the issues raised with this > new version of the CPS (1.6) and have gained in transparency. > > Thanks > > Santiago. > > Thanks for the update, it sounds promising. I'll check it again once I can > find the CPS in the repository. > > Regards, > > Matthias > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy