Hi Jeffrey, since Matthias is now on vacation, I’ll answer your question on his behalf.
You are correct, Atos Roots and Subordinates are NOT used for DLP purposes. Kind regards, Michael Risthaus Von: Jeffrey Walton <[email protected]> Gesendet: Donnerstag, 9. Februar 2023 23:08 An: Matthias Wessels <[email protected]> Cc: CCADB Public <[email protected]> Betreff: Re: Public Discussion of Atos CA Inclusion Request Caution: External email. Do not open attachments or click links, unless this email comes from a known sender and you know the content is safe. Hi Matthias/Everyone, I'm a bit suspicious of these two statements: - The Atos Offering is about threat detection and defence. - All activities are carried out passively and on behalf of the customer and its own infrastructure. The CPSes don't discuss the use of the certificates for threat detection or defense.[1,2] However, ATOS offers Data Loss Prevention (DLP) services.[3] A.k.a., Interception Proxy. So I am clear, the Roots and Subordinates WILL NOT be used for DLP purposes, even if the use is intended for or limited to customer on-prem. If a customer wants a DLP program run by ATOS, then the customer will use its internal PKI or its own Roots and Subordinates. Is that correct? Jeff [1] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_RootCA_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=NkGyQ8%2FzCVz3OsbDuQKPvWCOco3kGdezrbccHBt2wP8%3D&reserved=0> [2] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Qq0rVcUvZRo2J%2F48iOOaneT7OI6xIzq3T3jDBY6gm9M%3D&reserved=0> [3] https://atos.net/en/2016/press-release/general-press-releases_2016_06_03/pr-2016_06_03_01<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2F2016%2Fpress-release%2Fgeneral-press-releases_2016_06_03%2Fpr-2016_06_03_01&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=QOkKOlWJnqXZiixKB%2BacEJmIkQyZLUfGIQrnW0XLoic%3D&reserved=0> On Wed, Feb 8, 2023 at 4:47 AM 'Matthias Wessels' via CCADB Public <[email protected]<mailto:[email protected]>> wrote: Dear All, many thanks for your comments. we are happy to provide some explanations for the discussion. - The Atos Offering is about threat detection and defence. - All activities are carried out passively and on behalf of the customer and its own infrastructure. - On the website mentioned above (https://atos.net/en/solutions/cyber-security/managed-security-services<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2Fsolutions%2Fcyber-security%2Fmanaged-security-services&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=hQxRyy2UMWatDNLlZTvvRWgIdX%2F%2Fxk0kxzUQ7%2BD5HMg%3D&reserved=0>), the offering is presented on the basis of the customer IOC. - In addition, it also serves to protect the Atos infrastructure (including the PKI services). It is therefore not network surveillance or cyber espionage. Hope this will help to clear this discussion point. Best regards Matthias [email protected]<mailto:[email protected]> schrieb am Mittwoch, 8. Februar 2023 um 04:04:34 UTC+1: I think 'monitor' in that statement actually means 'We run a web crawler on some forums/markets on TOR and see what exploits they post/sell" I see no reason why they would care about any specific person on there. 2023-02-08 오전 10:48에 'Kurt Seifried' via CCADB Public 이(가) 쓴 글: In line with: https://wiki.mozilla.org/CA/Root_Inclusion_Considerations<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> I have incorporated your feedback as follows. - Changed network surveillance bullet point to: network surveillance that collects information about a person or organization and sends it to another entity in a way that endangers the privacy or device security of the person or organization - Changed the cyber espionage bullet point to: cyber espionage that aims to obtain information from a person or organization without the knowledge or permission of the person or organization for personal, economic, political or military advantage. Atos states clearly they are monitoring the dark web, do you think they are logging into those sites as "ATOS_darkweb_monitoring_user"? I would note that the Mozilla Root_Inclusion_Considerations<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> uses terms like "privacy" which covers people you like, and people you don't like. On Tue, Feb 7, 2023 at 2:27 PM Rufus Buschart <[email protected]<mailto:[email protected]>> wrote: This should obviously say "I am not able to" /Rufus Rufus Buschart <[email protected]<mailto:[email protected]>> schrieb am Di., 7. Feb. 2023, 22:26: Hi Kurt! Could you please be a bit more specific, when you make such accusations? At least I'm able to find the problematic services under the link you posted. Best regards Rufus 'Kurt Seifried' via CCADB Public <[email protected]<mailto:[email protected]>> schrieb am Di., 7. Feb. 2023, 20:18: In line with the recently announced: https://wiki.mozilla.org/CA/Root_Inclusion_Considerations<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> There is reasonable suspicion that the CA is closely tied, through ownership or operation, to a company engaged in any of the following: the distribution of malware or spyware; network surveillance; or cyber espionage. ATOS appears to be involved in "network surveillance; or cyber espionage." as per: https://atos.net/en/solutions/cyber-security/managed-security-services<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2Fsolutions%2Fcyber-security%2Fmanaged-security-services&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=hQxRyy2UMWatDNLlZTvvRWgIdX%2F%2Fxk0kxzUQ7%2BD5HMg%3D&reserved=0> Which explicitly mentions: "Global threat intelligence services to monitor and pre-empt threats across the internet and dark web" So I guess this will need to be explained/an exception granted, or? On Tue, Feb 7, 2023 at 2:51 AM 'Michael Risthaus' via CCADB Public <[email protected]<mailto:[email protected]>> wrote: Hi Aaron, thanks for the hint! Instead of a 404 we are now sending a 301 redirect to the correct landing page. Additionally we will correct the “Company Website” entry in the CCADB as soon as possible. Kind regards, Michael Risthaus Von: 'Aaron Gable' via CCADB Public <[email protected]<mailto:[email protected]>> Gesendet: Montag, 6. Februar 2023 19:30 An: Chris Clements <[email protected]<mailto:[email protected]>> Cc: public <[email protected]<mailto:[email protected]>> Betreff: Re: Public Discussion of Atos CA Inclusion Request Caution: External email. Do not open attachments or click links, unless this email comes from a known sender and you know the content is safe. It appears that the link listed for Website (https://pki.atos.net/TrustedRoot<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=k0O%2BeVa34dYXe0cBeWDU9nlnZAp0uu33yxkkMNI10g4%3D&reserved=0>) returns a 404. Is that link supposed to be https://pki.atos.net/trustcenter/en/pki-services/ssl-certificates<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fpki-services%2Fssl-certificates&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=QghFuV2a%2BAwl6h2OHqccy73k06rCb9DW%2BtgzpBe5VwU%3D&reserved=0> instead? Aaron On Mon, Feb 6, 2023 at 6:16 AM 'Chris Clements' via CCADB Public <[email protected]<mailto:[email protected]>> wrote: All, This email commences a six-week public discussion of Atos Trustcenter’s request to include the following certificates as publicly trusted root certificates in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on March 20, 2023. The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store. Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted. CCADB Case Number: 00000999<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozilla%2FPrintViewForCase%3FCaseNumber%3D00000999&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=DYXHofn6Gz5utwyE3bNAhI%2FY48MvDewPnc87GFQ6KFc%3D&reserved=0> Organization Background Information: * CA Owner Name: Atos Trustcenter * Website: https://pki.atos.net/TrustedRoot/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=VPvuhLydpTBF2RsJsipxXkSztk%2FAhXTjrJo25j2YBXI%3D&reserved=0> * Address: Lohberg 10 Meppen, 49716 Germany * Problem Reporting Mechanisms: [email protected]<mailto:[email protected]>, https://pki.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=K8WhvuzqBqvlj09sEBFy3wuZHp1Z4JFFDO9tpZSt4Ow%3D&reserved=0> * Organization Type: Private Corporation * Repository URL: https://pki.atos.net/trustcenter/en/download/trusted-root-ca<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fdownload%2Ftrusted-root-ca&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=crf%2BWNd2HMTGne83bvFb1OMO%2FatlR8KJjpuGjZIbrLs%3D&reserved=0> Certificates Requesting Inclusion: 1. Atos TrustedRoot Root CA RSA G2 2020: • Certificate download links (CA Repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSAG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=%2BUnKsoA7DDAzM4ukbxaqzhJgQHHnTGMKX2rCP7W15rQ%3D&reserved=0>, crt.sh<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=v0ciEPfxQlH0cWeB9iq6gDcMrrksHes5%2B72nMoSZQlA%3D&reserved=0>) • Use cases served/EKUs: o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and o Client Authentication 1.3.6.1.5.5.7.3.2 • Test websites: N/A 2. Atos TrustedRoot Root CA RSA TLS 2021: • Certificate download links (CA Repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSATLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=axdcxdf5M4XH3k9BJV9ZP2QYiRIGbjYHpTNV9tw%2BctY%3D&reserved=0>, crt.sh<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=v5kje7rswBeef1e8xi0X5ajrJN8gi0YHdT9OHJMiD4g%3D&reserved=0>) • Use cases served/EKUs: o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and o Client Authentication 1.3.6.1.5.5.7.3.2 • Test websites: o Valid: https://tls-rsa-root-2021-pki-valid.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=wBSanOpe0jT61X085Mwcewj5J%2FWGQKXT7dbZPgcMvAc%3D&reserved=0> o Revoked: https://tls-rsa-root-2021-pki-revoked.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=ygep8%2BH%2FGrSvU9LLeWayp0xuiGN9%2FdlK6mD5ff%2B6hFc%3D&reserved=0> o Expired: https://tls-rsa-root-2021-pki-expired.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Ie2xrqHfhWVa1gUXpCxmFtBU9T6B0X2wLcdPXh86FQ0%3D&reserved=0> 3. Atos TrustedRoot Root CA ECC G2 2020: • Certificate download links (CA Repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=YMHPIkGxqlqUpVmm99bgMeJeVDh5SrWu1P2a9r2053Y%3D&reserved=0>, crt.sh<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DE38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=i%2B7BS4Bs6hJD2oYTrHW31B4kXn524cXfEwE9D7pivKQ%3D&reserved=0>) • Use cases served/EKUs: o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and o Client Authentication 1.3.6.1.5.5.7.3.2 • Test websites: N/A 4. Atos TrustedRoot Root CA ECC TLS 2021: • Certificate download links (CA Repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCTLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=ituchvEkkWKjp7bAK3oCKaMD93LBcuDEi2m8Q5yjiaM%3D&reserved=0>, crt.sh<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DB2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=6k%2F2ZrhNbRFR%2B2XCFPh2Xk9GuCS46DIrMexyhIRjTBc%3D&reserved=0>) • Use cases served/EKUs: o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and o Client Authentication 1.3.6.1.5.5.7.3.2 • Test websites: o Valid: https://tls-ecc-root-2021-pki-valid.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=4d8E6QOgGl4ksTNRGuV8cltcoLtI34%2FQe6MFpfpje7c%3D&reserved=0> o Revoked: https://tls-ecc-root-2021-pki-revoked.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=iXBbDumgZznaWqVqQ81m4Xu1%2BAXpNtMqchamZUfH0Q8%3D&reserved=0> o Expired: https://tls-ecc-root-2021-pki-expired.atos.net<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=7dmNbGqug%2BShkEtH1A4xSgd16RhyP7KZFN7Jiw%2FZ4cw%3D&reserved=0> Existing Publicly Trusted Root CAs from Atos Trustcenter: 1. Atos TrustedRoot 2011 • Certificate download links (CA Repository<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRoot2011.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=pdUy5syGNCKfco3e5NuMpUx4JY8MSfqLp2dDkWdeok8%3D&reserved=0>, crt.sh<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DF356BEA244B7A91EB35D53CA9AD7864ACE018E2D35D5F8F96DDF68A6F41AA474&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=PKMPIhblmZBUHUcGD6s7iT0SWn7dr1VwV8a1TNcihj4%3D&reserved=0>) • Use cases served/EKUs: not defined • Certificate corpus: here<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsearch.censys.io%2Fcertificates%3Fq%3Df356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=g4j%2FLVKipGO%2FYLL4Z4qP1OoVkX1rK%2Bv8ruAGWtGMp20%3D&reserved=0> (login required) • Included in: Apple; Google Chrome; Microsoft; Mozilla Relevant Policy and Practices Documentation: The following apply to all four (4) applicant root CAs: * https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_RootCA_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=kpfzhfuRQbHzjmHYMPQsUyLSfRBZaRPm%2BkAmScKHgkE%3D&reserved=0> * https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=PyOEjl8bKTyHFVHTh5rrREWGoZUiHpLI6se7FnYxqgE%3D&reserved=0> Most Recent Self-Assessment: * https://bugzilla.mozilla.org/attachment.cgi?id=9293279<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fattachment.cgi%3Fid%3D9293279&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=NCDl%2Bm1M9qTCy0uz8Zo%2BXUb6KokILehti6hc8bpm8es%3D&reserved=0> (completed 9/6/2022) Audit Statements: * Auditor: datenschutz cert GmbH<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=E0NM2T%2FlAQLrT4pcEHO57RnpLaIMBCIrROg%2FahHhL%2Fk%3D&reserved=0> * Audit Criteria: ETSI EN 319 411-1 * Date of Audit Issuance: June 15, 2022 * For Period Ending: April 27, 2022 * Audit Statement(s): here<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2Ffileadmin%2Fuploads%2Ftx_dscertcertlist%2FDSC1161_Atos_ATCA_Audit_Attestation.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=UeqT67yv%2BCTVPGy20K8RdajNEkQFImR9HZnAY3X%2FYQY%3D&reserved=0> Incident Summary (Bugzilla incidents from previous 24 months): * None in the previous 24 months. Quantifying Value: * Not applicable. Thank you, Chris, on behalf of the CCADB Steering Committee -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAH8yC8kgm7G5WgTcO2j62YEQ3BmSbu2bCubx4_RppcpLSsiSvg%40mail.gmail.com<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fccadb.org%2Fd%2Fmsgid%2Fpublic%2FCAH8yC8kgm7G5WgTcO2j62YEQ3BmSbu2bCubx4_RppcpLSsiSvg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=s%2BcEQfS51AEmgyKyfSvwGtQohRNxQwVcELImkxy4gKw%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/fbb1ea8910584e92a04a5b4c273b0eec%40atos.net.
