Dear Mitsuyoshi, Thanks for your response. For purposes of Mozilla trust bits - "websites" and "email", could you specify at this time the key purpose for CA14 and CA15?
Ben On Tue, Jul 9, 2024 at 8:50 PM Mitsuyoshi Tamura < [email protected]> wrote: > Greetings, > We are aware of Mozilla's "Recommended Practices," that states that a > single-purpose root is preferred. Among three root CAs that we are > requesting, CA 12 has already changed to become a single-purpose root CA. > Regarding CA14 and 15, we will also change for single purpose before start > issuing certificates for subscribers. > > Best regards, > Mitsuyoshi Tamura > Cybertrust Japan > > P.S. > Please allow me to comment by miraclelinux.com domain that our company > possess. > > 2024年7月9日火曜日 6:19:08 UTC+9 Ben Wilson: > >> Hi Doug, >> Thanks for the question. I don't think we have set a date, but I'll >> continue to look into this to see if a date was ever proposed. In any >> event, we should open an issue in GitHub to remove this uncertainty. For >> Cybertrust Japan, I will need to look at the information in Bugzilla and >> the CCADB, but initially it appears that at least with Chrome they are only >> seeking inclusion of SecureSign Root CA12 for TLS. For SecureSign Root CA14 >> and SecureSign Root CA15, I may have missed where they might have already >> withdrawn one or both of them, but I'll have to read up. Sorry for the >> confusion. >> Please feel free to ask any additional follow-up questions. >> Thanks again, >> Ben >> >> On Mon, Jul 8, 2024 at 1:26 PM Doug Beattie <[email protected]> >> wrote: >> >>> Hi Ben, >>> >>> >>> >>> The older 2 roots were well separated with one having server auth and >>> client auth, and the other secure mail and code signing EKS, but the new >>> set of 3 has Server auth in all of them along with a mix of other EKUs. >>> >>> >>> >>> When do CAs need to start providing dedicated TLS roots? >>> >>> >>> >>> Doug >>> >>> >>> >>> *From:* 'Ben Wilson' via [email protected] < >>> [email protected]> >>> *Sent:* Monday, July 8, 2024 11:47 AM >>> *To:* [email protected] <[email protected]> >>> *Subject:* Intent to Approve Cybertrust / JCSI Japan Root Inclusions >>> >>> >>> >>> All, >>> >>> >>> >>> From May 10, 2024, through June 21, 2024, a six-week public discussion >>> was conducted regarding the request from Cybertrust Japan / JCSI for the >>> inclusion of the following root certificates: >>> >>> - SecureSign Root CA12 >>> - SecureSign Root CA14 >>> - SecureSign Root CA15 >>> >>> >>> https://groups.google.com/a/ccadb.org/g/public/c/4OuyyOD-7ng/m/1ot5MFk4AAAJ >>> >>> There were no objections, questions, or comments in opposition to the >>> request. >>> >>> This email is notice that Mozilla intends to approve the inclusion of >>> the above-mentioned root certificates from Cybertrust Japan / JCSI. >>> >>> This begins a 7-day “last call” period for any final objections. Should >>> there be any further concerns, please share them within this period. >>> >>> Thanks, >>> >>> Ben Wilson >>> >>> Mozilla Root Store Manager >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "[email protected]" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com >>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ%3DN0-G52whyR-iMD0jFiSxnBgrufMZMWkPSLfmuX0_MQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabRaimzFsRr2B0iC4oThZ1ZDf%2BEPkjqXGJTOuas5h_o1g%40mail.gmail.com.
