Would there be any other reason than "we want to become a CA"? We would like to be a CA with competitive characteristics in our issued certificates. No other reason. Em quinta-feira, 17 de novembro de 2022 às 01:40:54 UTC-3, [email protected] escreveu:
> Reading their Value-vs-Risk Justification from SERPRO – see Value vs > Risk_SERPRO_SSL_CA.pdf > > Maybe I misunderstand this: > > 1. Why does the applicant want its root CA certificate(s) to be included > by default in Mozilla’s > root store? > > The inclusion of SERPRO SSL CA in Mozilla's root store is crucial for us > to build a strong public > trust. > It represents a pledge of confidence for our clients and partners because > of Mozilla's strict rules and > requirements for managing its Root Store. > SERPRO SSL CA objective is to become a publicly-trusted commercial CA with > Brazilian reach, > securing a wide range of websites visited by Firefox users. > > Would there be any other reason than "we want to become a CA"? > > Also, will there be any Mozilla Applied Constraints e.g. named-constraints > applied? It appears not? They're a Brazilian government CA so one assumes > they'd be dealing with *.br primarily? Do they need to issue certificates > for other domains as well? > > On Wed, Nov 16, 2022 at 8:52 PM Ben Wilson <[email protected]> wrote: > >> All, >> >> This is to announce the beginning of a six-week public discussion period >> for the inclusion request of Serviço Federal de Processamento de Dados >> (SERPRO) (Bug # 1677631 >> <https://bugzilla.mozilla.org/show_bug.cgi?id=1677631>, CCADB Case # 680 >> <https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000680>) >> >> for its Autoridade Certificadora do SERPRO SSLv1 issuing CA certificate >> (SERPRO SSLv1), issued under the Autoridade Certificadora Raiz Brasileira >> v10, which is the root CA designated under the Brazilian PKI for support of >> TLS certificate issuance. Mozilla is considering SERPRO’s request to >> add the SERPRO SSLv1 CA as a trust anchor with the websites trust bit >> enabled. >> >> Download – https://repositorio.serpro.gov.br/cadeias/serprossl.crt >> >> crt.sh - >> https://crt.sh/?sha256=08FC942D5176E568ACBEF9C595F36A20DE6ACF9EA30C6F5FCEDD48216ED5B070 >> >> >> *Repository:* The SERPRO document repository is located here: >> https://certificados.serpro.gov.br/serprossl/certification-policies. >> >> *Relevant Policy and Practices Documentation: * >> >> An English version of the SERPRO CPS (v.4.2), March 2022, is available >> here: https://repositorio.serpro.gov.br/docs/CPS_SERPRO_SSL_CA.pdf >> >> *Self-Assessments and Mozilla CPS Reviews* are located within Bug # >> 1677631 <https://bugzilla.mozilla.org/show_bug.cgi?id=1677631>: >> >> AC_SERPRO_SSL_Self_Assessment.ods >> <https://bugzilla.mozilla.org/attachment.cgi?id=9192419> >> >> Mozilla’s CP/CPS Review comments – Comment # >> <https://bugzilla.mozilla.org/show_bug.cgi?id=1677631#c2>2, Comment #73 >> <https://bugzilla.mozilla.org/show_bug.cgi?id=1677631#c73>, and Comment >> #77 <https://bugzilla.mozilla.org/show_bug.cgi?id=1677631#c77> >> >> *Value-vs-Risk Justification from SERPRO – *see Value vs >> Risk_SERPRO_SSL_CA.pdf >> <https://bugzilla.mozilla.org/attachment.cgi?id=9292088> >> >> *Audits:* Annual audits have been performed by PKI Contabilidade e >> Auditoria Ltda in accordance with the Webtrust Principles and Criteria for >> Certification Authorities. The most recent audits available were published >> on July 22, 2022, for the period ending May 29, 2022. See >> >> >> https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=b6a5cf89-dd0a-484e-bad5-5cf4faeb10a0 >> (Standard >> Webtrust) >> >> >> https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=5bee38f1-db75-46fe-91df-2ff67c6f0560 >> >> (WebTrust Baseline Requirements) >> >> I have no other questions related to SERPRO’s inclusion request; however, >> I urge anyone with concerns or questions to raise them on this list by >> replying directly in this discussion thread. Likewise, a representative of >> SERPRO must promptly respond directly in the discussion thread to all >> questions that are posted. >> >> This email begins a 6-week period for public discussion and comment, >> which I’m scheduling to close on or about December 31, 2022, after which, >> if no concerns are raised, we will close the discussion and the request may >> proceed to Mozilla’s one-week “last-call” phase. >> >> Sincerely yours, >> >> Ben Wilson >> >> Mozilla Root Program Manager >> >> -- >> You received this message because you are subscribed to the Google Groups >> "public" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaagUFek6Fp_xp3Rw4PozHz3EJFrvNM5HQvxA2ifmsCLHQ%40mail.gmail.com >> >> <https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaagUFek6Fp_xp3Rw4PozHz3EJFrvNM5HQvxA2ifmsCLHQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Kurt Seifried (He/Him) > [email protected] > -- You received this message because you are subscribed to the Google Groups "public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/3e4f52d7-448c-4320-8793-cc09f53246c2n%40ccadb.org.
