All, This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process ( https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for an inclusion request filed by DigitalSign - Certificadora Digital, S.A. (Bug # 1694421 <https://bugzilla.mozilla.org/show_bug.cgi?id=1694421>, CCADB Case # 737 <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000737>) for the following two (2) root CA certificates:
*DIGITALSIGN GLOBAL ROOT RSA CA** (email trust bit only)* https://crt.sh/?sha256=82BD5D851ACF7F6E1BA7BFCBC53030D0E7BC3C21DF772D858CAB41D199BDF595 http://root-rsa.digitalsign.pt/DIGITALSIGNGLOBALROOTRSACA.cer *DIGITALSIGN GLOBAL ROOT ECDSA CA **(email trust bit only)* https://crt.sh/?sha256=261D7114AE5F8FF2D8C7209A9DE4289E6AFC9D717023D85450909199F1857CFE http://root-ecdsa.digitalsign.pt/DIGITALSIGNGLOBALROOTECDSACA.cer *Repository:* The DigitalSign document repository is located here: http://pki.digitalsign.pt/ *Certification Practices Statement: * Certification Practice Statement, v. 1.5, dated May 18, 2022 https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.5.pdf <https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.4.pdf> <https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.4.pdf> *CPS Review* is located here: https://bugzilla.mozilla.org/show_bug.cgi?id=1694421#c17 *Value-vs-Risk Justification from DigitalSign - *see https://bugzilla.mozilla.org/attachment.cgi?id=9286196 *Audits:* The most recent audit report currently available, dated September 22, 2021, was performed by CSQA in accordance with ETSI EN 319 411-1, V1.3.1 (2021-05) and ETSI EN 319 411-2, V2.3.1 (2021-05) for the period July 23, 2020, through July 22, 2021. See https://www.csqa.it/getattachment/Servizi-e-Sicurezza-IT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETSI/Attestation-DigitalSign-2021-14875-rev-1-signed.pdf.aspx?lang=it-IT. I have no further questions or concerns about DigitalSign’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of DigitalSign must promptly respond directly in the discussion thread to all questions that are posted. This email begins the 3-week comment period, which I’m scheduling to close on or about Friday, August 12, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). Sincerely yours, Ben Wilson Mozilla Root Store Program -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaaWQ3x-Cav1Psj49mkM0PXfiSD5tvgetcCZYTW0dT1_rg%40mail.gmail.com.
