As I previously mentioned, I am now opening the first public discussion period for a request from T-Systems (a subsidiary of Deutsche Telekom) to add the Deutsche Telekom Root CA 2 root certificate to Mozilla. This is bug 378882, and Kathleen has produced an information document attached to the bug.
https://bugzilla.mozilla.org/show_bug.cgi?id=378882 Some points worth mentioning about this request: * T-Systems actually has two other root CAs, T-TeleSec GlobalRoot Class 2 and T-TeleSec GlobalRoot Class 3. Those are not included in this request (although of course we'd be glad to consider those as well in future). * T-Systems has undergone at least two audits, for ETSI 101 456 and WebTrust for CAs. The WebTrust for CAs audit is the relevant one for our purposes, since the WebTrust audit report we have is more recent. (Also, the ETSI 101 456 audit was apparently a self-audit, though there is some ambiguity about this.) Note that the WebTrust for CAs audit covered all three T-Systems root CAs. * There was apparently a bit of confusion about email certificates. As I understand it, T-Systems does not directly issue certificates usable for email. (T-Systems issues "qualified" certificates to individuals, but those do not contain email addresses, and are apparently used primarily in client authentication to web sites.) However T-Systems does have subordinate CAs, most notably the Deutsche Forschungsnetz (DFN, the German academic research network), that do issue email certificates and verify email account control per the relevant CPSs/CPs. This first public comment period will be for one week, and then I'll make a preliminary determination regarding this request. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
