On January 6, 2022, we began a three-week public discussion[1] of D-Trust's requests for inclusion of its two root certificates, the D-TRUST BR Root CA 1 2020 and the D-TRUST EV Root CA 1 2020. (Step 4 of the Mozilla Root Store CA Application Process[2]).
*Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:* We did not receive any objections or other questions or comments in opposition to D-Trust’s requests. I do not believe that there are any action items for D-Trust to complete. *Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: * This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve D-Trust’s requests (Step 10). This begins a 7-day “last call” period for any final objections. Thanks, Ben [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/0Ljc_EkPsiQ/m/9XLIROdXBAAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Thu, Jan 6, 2022 at 11:55 AM Ben Wilson <[email protected]> wrote: > *D-Trust GmbH, a member of the Bundesdruckerei Group and wholly owned > subsidiary of Bundesdruckerei GmbH (“D-Trust”)* > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclusion process ( > https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps > 4 through 9) for D-Trust’s inclusion requests for the following two (2) > root CA certificates: > > > *D-TRUST BR Root CA 1 2020* > > Download - https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt > > Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679256 > > CCADB - > https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000688 > > crt.sh - https://crt.sh/?id=3699642382 > > > > *D-TRUST EV Root CA 1 2020* > > Download - https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt > > Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679258 > > CCADB - > https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000689 > > crt.sh - https://crt.sh/?id=3699645135 > > > > Mozilla is considering approving D-Trust’s request(s) to add these roots > as trust anchors with the websites trust bit enabled (and with EV for the > D-TRUST EV Root CA 1 2020). > > This email begins the 3-week comment period, after which, if no concerns > are raised, we will close the discussion and the request may proceed to the > approval phase (Step 10). > > *Repository:* The D-Trust repository is located here: > https://www.bundesdruckerei.de/en/Repository > > *Relevant Policy and Practices Documentation: * > > Trust Service Practice Statement (TSPS), Version 1.3 (2021-10-15): > https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf > > CPS of the Certificate Service Manager (CSM CPS), Version 3.5 > (2021-12-17): > https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf > > Root CPS, Version 3.5 (2021-10-15): > https://www.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf > > *Self-Assessments and Mozilla CPS Reviews* are located as attachments in Bug > #1679258 <https://bugzilla.mozilla.org/show_bug.cgi?id=1679258>: > > D-TRUST_BR_Self_Assessment_D-TRUST_EV_Root_CA_1_2020_final.xlsx > <https://bugzilla.mozilla.org/attachment.cgi?id=9231587> > > Mozilla Review of D-TRUST Compliance Self-Assessment > <https://bugzilla.mozilla.org/attachment.cgi?id=9243128> (xls) > > > D-TRUST_BR_Self_Assessment_D-TRUST_Mozilla_Review-D-TRUST-Response_Final.xlsx > <https://bugzilla.mozilla.org/attachment.cgi?id=9246613> > > > > *Audits:* Annual audits are performed by TÜV Informationstechnik GmbH. > The most recent audits were completed for the period ending October 7, 2021: > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2021121001_D-TRUST_BR_Root_CA_1_2020.pdf > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2021121002_D-TRUST_EV_Root_CA_1_2020.pdf > > in accordance with: > > ETSI EN 319 411-1, V1.2.2 (2018-04) > > ETSI EN 319 401, V2.2.1 (2018-04) > > ETSI EN 319 403 V2.2.2 (2015-08) > > ETSI TS 119 403-2 V1.2.4 (2020-11) > > for: > > EV SSL Certificate Guidelines, version 1.7.7 > > Baseline Requirements, version 1.7.9 > > *Incidents* > > D-Trust has no open incidents in Bugzilla. The last incident (Bug #1691117 > <https://bugzilla.mozilla.org/show_bug.cgi?id=1691117>: Certificate with > RSA key where modulus is not divisible by 8) was closed on March 11, 2021. > > I have no further questions or concerns about these inclusion requests, > however I urge anyone with concerns or questions to raise them on this list > by replying directly in this discussion thread. Likewise, a representative > of D-Trust must promptly respond directly in the discussion thread to all > questions that are posted. > > Again, this email begins a three-week public discussion period, which I’m > scheduling to close on or about January 28, 2022. > > Sincerely yours, > > Ben Wilson > > Mozilla Root Program Manager > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaaRq25pe9hwDcn%2BnRwC86kOnySTVZmH8X%2B9gmQaz9Uadw%40mail.gmail.com.
