Hi Matthias/Everyone, I'm a bit suspicious of these two statements:
- The Atos Offering is about threat detection and defence. - All activities are carried out passively and on behalf of the customer and its own infrastructure. The CPSes don't discuss the use of the certificates for threat detection or defense.[1,2] However, ATOS offers Data Loss Prevention (DLP) services.[3] A.k.a., Interception Proxy. So I am clear, the Roots and Subordinates WILL NOT be used for DLP purposes, even if the use is intended for or limited to customer on-prem. If a customer wants a DLP program run by ATOS, then the customer will use its internal PKI or its own Roots and Subordinates. Is that correct? Jeff [1] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf [2] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf [3] https://atos.net/en/2016/press-release/general-press-releases_2016_06_03/pr-2016_06_03_01 On Wed, Feb 8, 2023 at 4:47 AM 'Matthias Wessels' via CCADB Public < [email protected]> wrote: > Dear All, > many thanks for your comments. > we are happy to provide some explanations for the discussion. > > - The Atos Offering is about threat *detection and defence.* > > - All activities are carried out *passively and on behalf of the customer* > and *its own infrastructure*. > > - On the website mentioned above ( > https://atos.net/en/solutions/cyber-security/managed-security-services), > the offering is presented on *the basis of the customer IOC.* > > - In addition, it also serves to protect the Atos infrastructure > (including the PKI services). > > It is therefore not network surveillance or cyber espionage. > > Hope this will help to clear this discussion point. > > Best regards > > Matthias > [email protected] schrieb am Mittwoch, 8. Februar 2023 um 04:04:34 UTC+1: > >> I think 'monitor' in that statement actually means 'We run a web crawler >> on some forums/markets on TOR and see what exploits they post/sell" I see >> no reason why they would care about any specific person on there. >> 2023-02-08 오전 10:48에 'Kurt Seifried' via CCADB Public 이(가) 쓴 글: >> >> In line with: >> >> https://wiki.mozilla.org/CA/Root_Inclusion_Considerations >> >> I have incorporated your feedback as follows. >> >> - Changed network surveillance bullet point to: >> network surveillance that collects information about a person or >> organization and sends it to another entity in a way that endangers the >> privacy or device security of the person or organization >> >> - Changed the cyber espionage bullet point to: >> cyber espionage that aims to obtain information from a person or >> organization without the knowledge or permission of the person or >> organization for personal, economic, political or military advantage. >> >> Atos states clearly they are monitoring the dark web, do you think they >> are logging into those sites as "ATOS_darkweb_monitoring_user"? >> >> I would note that the Mozilla Root_Inclusion_Considerations >> <https://wiki.mozilla.org/CA/Root_Inclusion_Considerations> uses terms >> like "privacy" which covers people you like, and people you don't like. >> >> On Tue, Feb 7, 2023 at 2:27 PM Rufus Buschart <[email protected]> wrote: >> >>> This should obviously say "I am not able to" >>> >>> /Rufus >>> >>> Rufus Buschart <[email protected]> schrieb am Di., 7. Feb. 2023, >>> 22:26: >>> >>>> Hi Kurt! >>>> >>>> Could you please be a bit more specific, when you make such >>>> accusations? At least I'm able to find the problematic services under the >>>> link you posted. >>>> >>>> Best regards >>>> >>>> Rufus >>>> >>>> 'Kurt Seifried' via CCADB Public <[email protected]> schrieb am Di., 7. >>>> Feb. 2023, 20:18: >>>> >>>>> In line with the recently announced: >>>>> >>>>> https://wiki.mozilla.org/CA/Root_Inclusion_Considerations >>>>> >>>>> There is reasonable suspicion that the CA is closely tied, through >>>>> ownership or operation, to a company engaged in any of the following: >>>>> the distribution of malware or spyware; >>>>> network surveillance; or >>>>> cyber espionage. >>>>> >>>>> ATOS appears to be involved in "network surveillance; or cyber >>>>> espionage." as per: >>>>> >>>>> https://atos.net/en/solutions/cyber-security/managed-security-services >>>>> >>>>> Which explicitly mentions: >>>>> >>>>> "Global threat intelligence services to monitor and pre-empt threats >>>>> across the internet and dark web" >>>>> >>>>> So I guess this will need to be explained/an exception granted, or? >>>>> >>>>> >>>>> >>>>> On Tue, Feb 7, 2023 at 2:51 AM 'Michael Risthaus' via CCADB Public < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Aaron, >>>>>> >>>>>> >>>>>> >>>>>> thanks for the hint! >>>>>> >>>>>> >>>>>> >>>>>> Instead of a 404 we are now sending a 301 redirect to the correct >>>>>> landing page. Additionally we will correct the “Company Website” entry in >>>>>> the CCADB as soon as possible. >>>>>> >>>>>> >>>>>> >>>>>> Kind regards, >>>>>> >>>>>> *Michael Risthaus* >>>>>> >>>>>> >>>>>> >>>>>> *Von:* 'Aaron Gable' via CCADB Public <[email protected]> >>>>>> *Gesendet:* Montag, 6. Februar 2023 19:30 >>>>>> *An:* Chris Clements <[email protected]> >>>>>> *Cc:* public <[email protected]> >>>>>> *Betreff:* Re: Public Discussion of Atos CA Inclusion Request >>>>>> >>>>>> >>>>>> >>>>>> *Caution:* External email. Do not open attachments or click links, >>>>>> unless this email comes from a known sender and you know the content is >>>>>> safe. >>>>>> >>>>>> >>>>>> >>>>>> It appears that the link listed for Website ( >>>>>> https://pki.atos.net/TrustedRoot >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051608887631%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8IjxhUNc6d6bJ%2BATp7MVXVWoCQDVFqZgjPlIQM0H2Wg%3D&reserved=0>) >>>>>> returns a 404. Is that link supposed to be >>>>>> https://pki.atos.net/trustcenter/en/pki-services/ssl-certificates >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fpki-services%2Fssl-certificates&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051608887631%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4e9nmWFf4W2knf2CZ62Qkw4kMPIDdn1bma6yVmIOkpQ%3D&reserved=0> >>>>>> instead? >>>>>> >>>>>> >>>>>> >>>>>> Aaron >>>>>> >>>>>> >>>>>> >>>>>> On Mon, Feb 6, 2023 at 6:16 AM 'Chris Clements' via CCADB Public < >>>>>> [email protected]> wrote: >>>>>> >>>>>> All, >>>>>> >>>>>> >>>>>> >>>>>> This email commences a six-week public discussion of Atos >>>>>> Trustcenter’s request to include the following certificates as publicly >>>>>> trusted root certificates in one or more CCADB Root Store Member’s >>>>>> program. >>>>>> This discussion period is scheduled to close on *March 20, 2023*. >>>>>> >>>>>> >>>>>> >>>>>> The purpose of this public discussion process is to promote openness >>>>>> and transparency. However, each Root Store makes its inclusion decisions >>>>>> independently, on its own timelines, and based on its own inclusion >>>>>> criteria. Successful completion of this public discussion process does >>>>>> not >>>>>> guarantee any favorable action by any root store. >>>>>> >>>>>> >>>>>> >>>>>> Anyone with concerns or questions is urged to raise them on this >>>>>> CCADB Public list by replying directly in this discussion thread. >>>>>> Likewise, >>>>>> a representative of the applicant must promptly respond directly in the >>>>>> discussion thread to all questions that are posted. >>>>>> >>>>>> *CCADB Case Number: *00000999 >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozilla%2FPrintViewForCase%3FCaseNumber%3D00000999&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051608887631%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BhRfsRyPubiTiJMwJDmfqbKEdk1NOp%2BVbMHD3m45YSY%3D&reserved=0> >>>>>> >>>>>> >>>>>> *Organization Background Information:* >>>>>> >>>>>> - *CA Owner Name:* Atos Trustcenter >>>>>> - *Website: *https://pki.atos.net/TrustedRoot/ >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051608887631%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yjRBGFo8bQZ2G8dscgfMRLtYrAU3no8A55FAa1BhzE0%3D&reserved=0> >>>>>> - *Address: *Lohberg 10 Meppen, 49716 Germany >>>>>> - *Problem Reporting Mechanisms: *[email protected], >>>>>> https://pki.atos.net >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=69j1u7ef5ySqZoiAdST9WYHUcY7Tn%2FddPGZaQFOVOSs%3D&reserved=0> >>>>>> - *Organization Type: *Private Corporation >>>>>> - *Repository URL: >>>>>> https://pki.atos.net/trustcenter/en/download/trusted-root-ca >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fdownload%2Ftrusted-root-ca&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oZACTG3C20qLDCd3aG7QX1OTu1jhYy%2FJG8E%2B%2BnBLakk%3D&reserved=0>* >>>>>> >>>>>> >>>>>> *Certificates Requesting Inclusion:* >>>>>> >>>>>> 1. *Atos TrustedRoot Root CA RSA G2 2020:* >>>>>> >>>>>> · Certificate download links (CA Repository >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSAG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PP3zMJ0NDC5PUWBBHk8K8S4eKQOFGJzzFyWkJEDEnBI%3D&reserved=0>, >>>>>> crt.sh >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=d9pPOFbsAoPUnNBQ5oDmRyL15egD%2Ba3DBUyUogZ7mVY%3D&reserved=0> >>>>>> ) >>>>>> >>>>>> · Use cases served/EKUs: >>>>>> >>>>>> o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and >>>>>> >>>>>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>>>>> >>>>>> · Test websites: N/A >>>>>> >>>>>> *2. **Atos TrustedRoot Root CA RSA TLS 2021:* >>>>>> >>>>>> · Certificate download links (CA Repository >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSATLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qFiV5YI3xg9xlQzYbZ45qMIqeq7Q9Aul%2F8Ix%2Bot%2BsVE%3D&reserved=0>, >>>>>> crt.sh >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zYQMIKp3m08tFW1kca6CbePs6QvRaXgzGxUsru4IQ1U%3D&reserved=0> >>>>>> ) >>>>>> >>>>>> · Use cases served/EKUs: >>>>>> >>>>>> o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and >>>>>> >>>>>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>>>>> >>>>>> · Test websites: >>>>>> >>>>>> o Valid: https://tls-rsa-root-2021-pki-valid.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Y98a9zCKoehgBLwprPhsu0%2Bc5QWRj34Lfe7v98AHwy4%3D&reserved=0> >>>>>> >>>>>> o Revoked: https://tls-rsa-root-2021-pki-revoked.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6Q0Z2C9%2F9jUG0RCyCcVrG%2FLthfMIo4851WWG2exUWg8%3D&reserved=0> >>>>>> >>>>>> o Expired: https://tls-rsa-root-2021-pki-expired.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=voen11xmWmgEVklLh82GselDpv7kV8%2F0%2Ff1iqLr0FGQ%3D&reserved=0> >>>>>> >>>>>> >>>>>> *3. **Atos TrustedRoot Root CA ECC G2 2020:* >>>>>> >>>>>> · Certificate download links (CA Repository >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6OZbMQ3HcS0F7jKE1WD6fsVvLV12UuERAiR0Aojk%2Bz0%3D&reserved=0>, >>>>>> crt.sh >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DE38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sEythdvtVllUBq6qHYhP%2B9Z43I4QhmdVCnxCZ3PTTOs%3D&reserved=0> >>>>>> ) >>>>>> >>>>>> · Use cases served/EKUs: >>>>>> >>>>>> o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and >>>>>> >>>>>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>>>>> >>>>>> · Test websites: N/A >>>>>> >>>>>> *4. **Atos TrustedRoot Root CA ECC TLS 2021:* >>>>>> >>>>>> · Certificate download links (CA Repository >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCTLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EUvzjraR4YOcFfiPOPcV0sMZ2NYXzJpyrpKUqf2mXPA%3D&reserved=0>, >>>>>> crt.sh >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DB2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=vGK2TrDHyfcV0HkAjat47vFSfsm4sLYKS9776bWF8PI%3D&reserved=0> >>>>>> ) >>>>>> >>>>>> · Use cases served/EKUs: >>>>>> >>>>>> o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and >>>>>> >>>>>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>>>>> >>>>>> · Test websites: >>>>>> >>>>>> o Valid: https://tls-ecc-root-2021-pki-valid.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=h3usdzuQVEkpjsu8PYmCSCFK%2FtMEq2ZSwYHC2Eq%2FcFs%3D&reserved=0> >>>>>> >>>>>> o Revoked: https://tls-ecc-root-2021-pki-revoked.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ET4zlZBB0hSm5r2E1Pi0eY0mLcrwlai0lTt1jqD0xP8%3D&reserved=0> >>>>>> >>>>>> o Expired: https://tls-ecc-root-2021-pki-expired.atos.net >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6yDAvA8xL4mYv48g6kReAbAMrkKpsrh7ljZq5TKWofs%3D&reserved=0> >>>>>> >>>>>> >>>>>> *Existing Publicly Trusted Root CAs from Atos Trustcenter:* >>>>>> >>>>>> 1. *Atos TrustedRoot 2011 * >>>>>> >>>>>> · Certificate download links (CA Repository >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRoot2011.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7xVYZ%2F7oLTJbDUYktL%2FXrk%2FcP%2BiQa7871dS0vu1hpSQ%3D&reserved=0>, >>>>>> crt.sh >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DF356BEA244B7A91EB35D53CA9AD7864ACE018E2D35D5F8F96DDF68A6F41AA474&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609043852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NiwHZCbrRdBCPIc5TkzAV24B69wXOUx8c3ohQOPuC3o%3D&reserved=0> >>>>>> ) >>>>>> >>>>>> · Use cases served/EKUs: not defined >>>>>> >>>>>> · Certificate corpus: here >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsearch.censys.io%2Fcertificates%3Fq%3Df356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=plDfKtcytCZpW4e6o2YsGaS2p07XT5lxMJpyAjO3Hog%3D&reserved=0> >>>>>> (login required) >>>>>> >>>>>> · Included in: Apple; Google Chrome; Microsoft; Mozilla >>>>>> >>>>>> *Relevant Policy and Practices Documentation:* >>>>>> >>>>>> The following apply to all four (4) applicant root CAs: >>>>>> >>>>>> - >>>>>> https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_RootCA_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=B7MGvJ%2Fe%2F15gdFqSpo9FPVRux6aMh9mH37fSaN6MXF8%3D&reserved=0> >>>>>> >>>>>> - >>>>>> >>>>>> https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2ZoOUV5UEO94NrVywHiVLWxUgAER3TQMJYhzzNcNDlI%3D&reserved=0> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *Most Recent Self-Assessment:* >>>>>> >>>>>> - https://bugzilla.mozilla.org/attachment.cgi?id=9293279 >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fattachment.cgi%3Fid%3D9293279&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=H0beRGbDF9fjG0N%2FwLAcJCO0FWNdTnb9145cY55jOMg%3D&reserved=0> >>>>>> (completed 9/6/2022) >>>>>> >>>>>> >>>>>> >>>>>> *Audit Statements:* >>>>>> >>>>>> - Auditor: datenschutz cert GmbH >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mv%2BQ3Cdjm5pPCazMStp0YCdUh6g%2B5TwfuhFzLWvpWNQ%3D&reserved=0> >>>>>> - Audit Criteria: ETSI EN 319 411-1 >>>>>> - Date of Audit Issuance: June 15, 2022 >>>>>> - For Period Ending: April 27, 2022 >>>>>> - Audit Statement(s): here >>>>>> >>>>>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2Ffileadmin%2Fuploads%2Ftx_dscertcertlist%2FDSC1161_Atos_ATCA_Audit_Attestation.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7Ccea4b67446f04c7f743b08db08702900%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638113051609200071%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2kk2LefOknZa2pFJAg9ZT8SDP4F7mWXG41a05gci0xo%3D&reserved=0> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *Incident Summary (Bugzilla incidents from previous 24 months):* >>>>>> >>>>>> - None in the previous 24 months. >>>>>> >>>>>> >>>>>> >>>>>> *Quantifying Value:* >>>>>> >>>>>> - Not applicable. >>>>>> >>>>>> Thank you, >>>>>> >>>>>> Chris, on behalf of the CCADB Steering Committee >>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAH8yC8kgm7G5WgTcO2j62YEQ3BmSbu2bCubx4_RppcpLSsiSvg%40mail.gmail.com.
