Greetings, We are aware of Mozilla's "Recommended Practices," that states that a single-purpose root is preferred. Among three root CAs that we are requesting, CA 12 has already changed to become a single-purpose root CA. Regarding CA14 and 15, we will also change for single purpose before start issuing certificates for subscribers.
Best regards, Mitsuyoshi Tamura Cybertrust Japan P.S. Please allow me to comment by miraclelinux.com domain that our company possess. 2024年7月9日火曜日 6:19:08 UTC+9 Ben Wilson: > Hi Doug, > Thanks for the question. I don't think we have set a date, but I'll > continue to look into this to see if a date was ever proposed. In any > event, we should open an issue in GitHub to remove this uncertainty. For > Cybertrust Japan, I will need to look at the information in Bugzilla and > the CCADB, but initially it appears that at least with Chrome they are only > seeking inclusion of SecureSign Root CA12 for TLS. For SecureSign Root CA14 > and SecureSign Root CA15, I may have missed where they might have already > withdrawn one or both of them, but I'll have to read up. Sorry for the > confusion. > Please feel free to ask any additional follow-up questions. > Thanks again, > Ben > > On Mon, Jul 8, 2024 at 1:26 PM Doug Beattie <[email protected]> > wrote: > >> Hi Ben, >> >> >> >> The older 2 roots were well separated with one having server auth and >> client auth, and the other secure mail and code signing EKS, but the new >> set of 3 has Server auth in all of them along with a mix of other EKUs. >> >> >> >> When do CAs need to start providing dedicated TLS roots? >> >> >> >> Doug >> >> >> >> *From:* 'Ben Wilson' via [email protected] < >> [email protected]> >> *Sent:* Monday, July 8, 2024 11:47 AM >> *To:* [email protected] <[email protected]> >> *Subject:* Intent to Approve Cybertrust / JCSI Japan Root Inclusions >> >> >> >> All, >> >> >> >> From May 10, 2024, through June 21, 2024, a six-week public discussion >> was conducted regarding the request from Cybertrust Japan / JCSI for the >> inclusion of the following root certificates: >> >> - SecureSign Root CA12 >> - SecureSign Root CA14 >> - SecureSign Root CA15 >> >> >> https://groups.google.com/a/ccadb.org/g/public/c/4OuyyOD-7ng/m/1ot5MFk4AAAJ >> >> There were no objections, questions, or comments in opposition to the >> request. >> >> This email is notice that Mozilla intends to approve the inclusion of the >> above-mentioned root certificates from Cybertrust Japan / JCSI. >> >> This begins a 7-day “last call” period for any final objections. Should >> there be any further concerns, please share them within this period. >> >> Thanks, >> >> Ben Wilson >> >> Mozilla Root Store Manager >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com >> >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/0004a70c-92bb-4425-af54-cce641a2c2e2n%40mozilla.org.
