*D-Trust GmbH, a member of the Bundesdruckerei Group and wholly owned subsidiary of Bundesdruckerei GmbH (“D-Trust”)*
This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process ( https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for D-Trust’s inclusion requests for the following two (2) root CA certificates: *D-TRUST BR Root CA 1 2020* Download - https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679256 CCADB - https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000688 crt.sh - https://crt.sh/?id=3699642382 *D-TRUST EV Root CA 1 2020* Download - https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679258 CCADB - https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000689 crt.sh - https://crt.sh/?id=3699645135 Mozilla is considering approving D-Trust’s request(s) to add these roots as trust anchors with the websites trust bit enabled (and with EV for the D-TRUST EV Root CA 1 2020). This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). *Repository:* The D-Trust repository is located here: https://www.bundesdruckerei.de/en/Repository *Relevant Policy and Practices Documentation: * Trust Service Practice Statement (TSPS), Version 1.3 (2021-10-15): https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf CPS of the Certificate Service Manager (CSM CPS), Version 3.5 (2021-12-17): https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf Root CPS, Version 3.5 (2021-10-15): https://www.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf *Self-Assessments and Mozilla CPS Reviews* are located as attachments in Bug #1679258 <https://bugzilla.mozilla.org/show_bug.cgi?id=1679258>: D-TRUST_BR_Self_Assessment_D-TRUST_EV_Root_CA_1_2020_final.xlsx <https://bugzilla.mozilla.org/attachment.cgi?id=9231587> Mozilla Review of D-TRUST Compliance Self-Assessment <https://bugzilla.mozilla.org/attachment.cgi?id=9243128> (xls) D-TRUST_BR_Self_Assessment_D-TRUST_Mozilla_Review-D-TRUST-Response_Final.xlsx <https://bugzilla.mozilla.org/attachment.cgi?id=9246613> *Audits:* Annual audits are performed by TÜV Informationstechnik GmbH. The most recent audits were completed for the period ending October 7, 2021: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2021121001_D-TRUST_BR_Root_CA_1_2020.pdf https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2021121002_D-TRUST_EV_Root_CA_1_2020.pdf in accordance with: ETSI EN 319 411-1, V1.2.2 (2018-04) ETSI EN 319 401, V2.2.1 (2018-04) ETSI EN 319 403 V2.2.2 (2015-08) ETSI TS 119 403-2 V1.2.4 (2020-11) for: EV SSL Certificate Guidelines, version 1.7.7 Baseline Requirements, version 1.7.9 *Incidents* D-Trust has no open incidents in Bugzilla. The last incident (Bug #1691117 <https://bugzilla.mozilla.org/show_bug.cgi?id=1691117>: Certificate with RSA key where modulus is not divisible by 8) was closed on March 11, 2021. I have no further questions or concerns about these inclusion requests, however I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of D-Trust must promptly respond directly in the discussion thread to all questions that are posted. Again, this email begins a three-week public discussion period, which I’m scheduling to close on or about January 28, 2022. Sincerely yours, Ben Wilson Mozilla Root Program Manager -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaY1vMk%3DgH_DjCa2U9y39cve%2BY4d59ik78-asCi50KMdFw%40mail.gmail.com.
