All, On July 21, 2022, we began a three-week public discussion period[1] on the request from DigitalSign for inclusion of its two root certificates with only the email trust bit to be enabled--the DigitalSign Global Root RSA CA and the DigitalSign Global Root ECDSA CA. (Step 4 of the Mozilla Root Store CA Application Process[2]).
*Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:* We did not receive any objections or other questions or comments in opposition to DigitalSign’s request. I do not believe that there are any action items for DigitalSign to complete. *Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: * This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve DigitalSign’s request (Step 10). This begins a 7-day “last call” period for any final objections. Thanks, Ben [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ajm_a5GKHCU/m/LO961rHVAAAJ [2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview On Thu, Jul 21, 2022 at 10:40 PM Ben Wilson <[email protected]> wrote: > Resending > > ---------- Forwarded message --------- > From: Ben Wilson <[email protected]> > Date: Thu, Jul 21, 2022 at 5:23 PM > Subject: Public Discussion of DigitalSign's Global Roots (email trust bit > only) > To: [email protected] <[email protected]> > > > All, > > This is to announce the beginning of the public discussion phase of the > Mozilla root CA inclusion process ( > https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps > 4 through 9) for an inclusion request filed by DigitalSign - Certificadora > Digital, S.A. (Bug # 1694421 > <https://bugzilla.mozilla.org/show_bug.cgi?id=1694421>, CCADB Case # 737 > <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000737>) > for the following two (2) root CA certificates: > > *DIGITALSIGN GLOBAL ROOT RSA CA** (email trust bit only)* > > > https://crt.sh/?sha256=82BD5D851ACF7F6E1BA7BFCBC53030D0E7BC3C21DF772D858CAB41D199BDF595 > > http://root-rsa.digitalsign.pt/DIGITALSIGNGLOBALROOTRSACA.cer > > *DIGITALSIGN GLOBAL ROOT ECDSA CA **(email trust bit only)* > > > https://crt.sh/?sha256=261D7114AE5F8FF2D8C7209A9DE4289E6AFC9D717023D85450909199F1857CFE > > http://root-ecdsa.digitalsign.pt/DIGITALSIGNGLOBALROOTECDSACA.cer > > *Repository:* The DigitalSign document repository is located here: > > http://pki.digitalsign.pt/ > > *Certification Practices Statement: * > > Certification Practice Statement, v. 1.5, dated May 18, 2022 > > https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.5.pdf > <https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.4.pdf> > <https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.4.pdf> > > *CPS Review* is located here: > https://bugzilla.mozilla.org/show_bug.cgi?id=1694421#c17 > > *Value-vs-Risk Justification from DigitalSign - *see > https://bugzilla.mozilla.org/attachment.cgi?id=9286196 > > *Audits:* The most recent audit report currently available, dated > September 22, 2021, was performed by CSQA in accordance with ETSI EN 319 > 411-1, V1.3.1 (2021-05) and ETSI EN 319 411-2, V2.3.1 (2021-05) for the > period July 23, 2020, through July 22, 2021. See > https://www.csqa.it/getattachment/Servizi-e-Sicurezza-IT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETSI/Attestation-DigitalSign-2021-14875-rev-1-signed.pdf.aspx?lang=it-IT. > > > I have no further questions or concerns about DigitalSign’s inclusion > request; however, I urge anyone with concerns or questions to raise them on > this list by replying directly in this discussion thread. Likewise, a > representative of DigitalSign must promptly respond directly in the > discussion thread to all questions that are posted. > > This email begins the 3-week comment period, which I’m scheduling to close > on or about Friday, August 12, 2022, after which, if no concerns are > raised, we will close the discussion and the request may proceed to the > approval phase (Step 10). > > Sincerely yours, > > Ben Wilson > > Mozilla Root Store Program > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZAguL2Lvb0s-RRgJ8W64F5Nap-VomUMx6JA2cbDXqYZg%40mail.gmail.com.
