All, On February 6, 2023, we began a six-week, public discussion[1] on the request from Atos Trustcenter for inclusion of its root certificate(s):
- Atos TrustedRoot Root CA RSA G2 2020 <https://crt.sh/?sha256=78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E> - Atos TrustedRoot Root CA RSA TLS 2021 <https://crt.sh/?sha256=81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F> - Atos TrustedRoot Root CA ECC G2 2020 <https://crt.sh/?sha256=E38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB> - Atos TrustedRoot Root CA ECC TLS 2021 <https://crt.sh/?sha256=B2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8> The public discussion period ended on March 20, 2023. Summary of Discussion Discussion Item #1: The statement “Global threat intelligence services to monitor and pre-empt threats across the internet and dark web <https://atos.net/en/solutions/cyber-security/managed-security-services#:~:text=Global%20threat%20intelligence%20services%20to%20monitor%20and%20pre%2Dempt%20threats%20across%20the%20internet%20and%20dark%20web>”[2] was questioned in relation to the (at the time) draft <https://wiki.mozilla.org/CA/Root_Inclusion_Considerations>[3] Mozilla root inclusion considerations. Specifically, the correlation with the "network surveillance; or cyber espionage" language in the inclusion considerations. Atos Response to Discussion Item #1: The Atos Offering is about threat detection and defence. All activities are carried out passively and on behalf of the customer and its own infrastructure. On the website mentioned above, the offering is presented on the basis of the customer IOC. In addition, it also serves to protect the Atos infrastructure (including the PKI services). It is therefore not network surveillance or cyber espionage. ========================== Discussion Item #2: The CPSes do not discuss the use of the certificates for threat detection or defense.[4,5] However, Atos offers Data Loss Prevention (DLP) services.[6] A.k.a., Interception Proxy. Confirmation was requested for the Roots and Subordinates not being used for DLP purposes, even if the use is intended for or limited to customer on-prem. Atos Response to Discussion Item #2: Atos Roots and Subordinates are NOT used for DLP purposes. ========================== We thank community members for their review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (i.e., MDSP). [1] https://groups.google.com/a/ccadb.org/g/public/c/v5yFBHjuBRo/m/YT_SjO2_BQAJ [2] https://atos.net/en/solutions/cyber-security/managed-security-services [3] https://wiki.mozilla.org/CA/Root_Inclusion_Considerations [4] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf [5] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf [6] https://atos.net/en/2016/press-release/general-press-releases_2016_06_03/pr-2016_06_03_01 Thank you, Chris, on behalf of the CCADB Steering Committee On Mon, Mar 13, 2023 at 10:37 AM Chris Clements <[email protected]> wrote: > All, > > > This is a reminder that the public discussion period on the inclusion > application of Atos Trustcenter will close next Monday, on March 20, 2023. > > > Thank you, > > Chris, on behalf of the CCADB Steering Committee > > > On Fri, Feb 10, 2023 at 12:03 PM 'Kurt Seifried' via CCADB Public < > [email protected]> wrote: > >> >> >> On Fri, Feb 10, 2023 at 3:46 AM 'Michael Risthaus' via CCADB Public < >> [email protected]> wrote: >> >>> Hi Jeffrey, >>> >>> >>> >>> since Matthias is now on vacation, I’ll answer your question on his >>> behalf. >>> >>> >>> >>> You are correct, Atos Roots and Subordinates are NOT used for DLP >>> purposes. >>> >> >> Just a general note: I assume you're using DLP (Data Loss Prevention) in >> the same way the previous email used it, but can we PLEASE spell out >> acronyms the first time we use them in an email (even a reply) to ensure >> we're all on the same page (e.g. Data Leak Prevention, >> https://www.acronymfinder.com/DLP.html)? >> >> >>> >>> >>> Kind regards, >>> >>> *Michael Risthaus* >>> >>> >>> >>> >>> >>> >>> >>> *Von:* Jeffrey Walton <[email protected]> >>> *Gesendet:* Donnerstag, 9. Februar 2023 23:08 >>> *An:* Matthias Wessels <[email protected]> >>> *Cc:* CCADB Public <[email protected]> >>> *Betreff:* Re: Public Discussion of Atos CA Inclusion Request >>> >>> >>> >>> *Caution:* External email. Do not open attachments or click links, >>> unless this email comes from a known sender and you know the content is >>> safe. >>> >>> >>> >>> Hi Matthias/Everyone, >>> >>> >>> >>> I'm a bit suspicious of these two statements: >>> >>> >>> >>> - The Atos Offering is about threat detection and defence. >>> >>> - All activities are carried out passively and on behalf of the customer >>> and its own infrastructure. >>> >>> >>> >>> The CPSes don't discuss the use of the certificates for threat detection >>> or defense.[1,2] However, ATOS offers Data Loss Prevention (DLP) >>> services.[3] A.k.a., Interception Proxy. >>> >>> >>> >>> So I am clear, the Roots and Subordinates WILL NOT be used for DLP >>> purposes, even if the use is intended for or limited to customer on-prem. >>> If a customer wants a DLP program run by ATOS, then the customer will use >>> its internal PKI or its own Roots and Subordinates. >>> >>> >>> >>> Is that correct? >>> >>> >>> >>> Jeff >>> >>> >>> >>> [1] https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_RootCA_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=NkGyQ8%2FzCVz3OsbDuQKPvWCOco3kGdezrbccHBt2wP8%3D&reserved=0> >>> >>> [2] >>> https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Qq0rVcUvZRo2J%2F48iOOaneT7OI6xIzq3T3jDBY6gm9M%3D&reserved=0> >>> >>> [3] >>> https://atos.net/en/2016/press-release/general-press-releases_2016_06_03/pr-2016_06_03_01 >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2F2016%2Fpress-release%2Fgeneral-press-releases_2016_06_03%2Fpr-2016_06_03_01&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=QOkKOlWJnqXZiixKB%2BacEJmIkQyZLUfGIQrnW0XLoic%3D&reserved=0> >>> >>> >>> >>> >>> >>> On Wed, Feb 8, 2023 at 4:47 AM 'Matthias Wessels' via CCADB Public < >>> [email protected]> wrote: >>> >>> Dear All, >>> >>> many thanks for your comments. >>> >>> we are happy to provide some explanations for the discussion. >>> >>> - The Atos Offering is about threat *detection and defence.* >>> >>> - All activities are carried out *passively and on behalf of the >>> customer* and *its own infrastructure*. >>> >>> - On the website mentioned above ( >>> https://atos.net/en/solutions/cyber-security/managed-security-services >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2Fsolutions%2Fcyber-security%2Fmanaged-security-services&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=hQxRyy2UMWatDNLlZTvvRWgIdX%2F%2Fxk0kxzUQ7%2BD5HMg%3D&reserved=0>), >>> the offering is presented on *the basis of the customer IOC.* >>> >>> - In addition, it also serves to protect the Atos infrastructure >>> (including the PKI services). >>> >>> It is therefore not network surveillance or cyber espionage. >>> >>> Hope this will help to clear this discussion point. >>> >>> Best regards >>> >>> Matthias >>> >>> [email protected] schrieb am Mittwoch, 8. Februar 2023 um 04:04:34 UTC+1: >>> >>> I think 'monitor' in that statement actually means 'We run a web crawler >>> on some forums/markets on TOR and see what exploits they post/sell" I see >>> no reason why they would care about any specific person on there. >>> >>> 2023-02-08 오전 10:48에 'Kurt Seifried' via CCADB Public 이(가) 쓴 글: >>> >>> In line with: >>> >>> >>> >>> https://wiki.mozilla.org/CA/Root_Inclusion_Considerations >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> >>> >>> >>> I have incorporated your feedback as follows. >>> >>> - Changed network surveillance bullet point to: >>> network surveillance that collects information about a person or >>> organization and sends it to another entity in a way that endangers the >>> privacy or device security of the person or organization >>> >>> - Changed the cyber espionage bullet point to: >>> cyber espionage that aims to obtain information from a person or >>> organization without the knowledge or permission of the person or >>> organization for personal, economic, political or military advantage. >>> >>> >>> >>> Atos states clearly they are monitoring the dark web, do you think they >>> are logging into those sites as "ATOS_darkweb_monitoring_user"? >>> >>> >>> >>> I would note that the Mozilla Root_Inclusion_Considerations >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> >>> uses >>> terms like "privacy" which covers people you like, and people you don't >>> like. >>> >>> >>> >>> On Tue, Feb 7, 2023 at 2:27 PM Rufus Buschart <[email protected]> wrote: >>> >>> This should obviously say "I am not able to" >>> >>> >>> >>> /Rufus >>> >>> >>> >>> Rufus Buschart <[email protected]> schrieb am Di., 7. Feb. 2023, >>> 22:26: >>> >>> Hi Kurt! >>> >>> >>> >>> Could you please be a bit more specific, when you make such accusations? >>> At least I'm able to find the problematic services under the link you >>> posted. >>> >>> >>> >>> Best regards >>> >>> >>> >>> Rufus >>> >>> >>> >>> 'Kurt Seifried' via CCADB Public <[email protected]> schrieb am Di., 7. >>> Feb. 2023, 20:18: >>> >>> In line with the recently announced: >>> >>> >>> >>> https://wiki.mozilla.org/CA/Root_Inclusion_Considerations >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FRoot_Inclusion_Considerations&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=2Kcw%2FbAVOsnjFHJUwfevwCyEoOPXVb0UcJWTwHqri%2F0%3D&reserved=0> >>> >>> >>> >>> There is reasonable suspicion that the CA is closely tied, through >>> ownership or operation, to a company engaged in any of the following: >>> the distribution of malware or spyware; >>> network surveillance; or >>> cyber espionage. >>> >>> >>> >>> ATOS appears to be involved in "network surveillance; or cyber >>> espionage." as per: >>> >>> >>> >>> https://atos.net/en/solutions/cyber-security/managed-security-services >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fatos.net%2Fen%2Fsolutions%2Fcyber-security%2Fmanaged-security-services&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=hQxRyy2UMWatDNLlZTvvRWgIdX%2F%2Fxk0kxzUQ7%2BD5HMg%3D&reserved=0> >>> >>> >>> >>> Which explicitly mentions: >>> >>> >>> >>> "Global threat intelligence services to monitor and pre-empt threats >>> across the internet and dark web" >>> >>> >>> >>> So I guess this will need to be explained/an exception granted, or? >>> >>> >>> >>> >>> >>> >>> >>> On Tue, Feb 7, 2023 at 2:51 AM 'Michael Risthaus' via CCADB Public < >>> [email protected]> wrote: >>> >>> Hi Aaron, >>> >>> >>> >>> thanks for the hint! >>> >>> >>> >>> Instead of a 404 we are now sending a 301 redirect to the correct >>> landing page. Additionally we will correct the “Company Website” entry in >>> the CCADB as soon as possible. >>> >>> >>> >>> Kind regards, >>> >>> *Michael Risthaus* >>> >>> >>> >>> >>> >>> *Von:* 'Aaron Gable' via CCADB Public <[email protected]> >>> *Gesendet:* Montag, 6. Februar 2023 19:30 >>> *An:* Chris Clements <[email protected]> >>> *Cc:* public <[email protected]> >>> *Betreff:* Re: Public Discussion of Atos CA Inclusion Request >>> >>> >>> >>> *Caution:* External email. Do not open attachments or click links, >>> unless this email comes from a known sender and you know the content is >>> safe. >>> >>> >>> >>> It appears that the link listed for Website ( >>> https://pki.atos.net/TrustedRoot >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=k0O%2BeVa34dYXe0cBeWDU9nlnZAp0uu33yxkkMNI10g4%3D&reserved=0>) >>> returns a 404. Is that link supposed to be >>> https://pki.atos.net/trustcenter/en/pki-services/ssl-certificates >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fpki-services%2Fssl-certificates&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=QghFuV2a%2BAwl6h2OHqccy73k06rCb9DW%2BtgzpBe5VwU%3D&reserved=0> >>> instead? >>> >>> >>> >>> Aaron >>> >>> >>> >>> On Mon, Feb 6, 2023 at 6:16 AM 'Chris Clements' via CCADB Public < >>> [email protected]> wrote: >>> >>> All, >>> >>> >>> >>> This email commences a six-week public discussion of Atos Trustcenter’s >>> request to include the following certificates as publicly trusted root >>> certificates in one or more CCADB Root Store Member’s program. This >>> discussion period is scheduled to close on *March 20, 2023*. >>> >>> >>> >>> The purpose of this public discussion process is to promote openness and >>> transparency. However, each Root Store makes its inclusion decisions >>> independently, on its own timelines, and based on its own inclusion >>> criteria. Successful completion of this public discussion process does not >>> guarantee any favorable action by any root store. >>> >>> >>> >>> Anyone with concerns or questions is urged to raise them on this CCADB >>> Public list by replying directly in this discussion thread. Likewise, a >>> representative of the applicant must promptly respond directly in the >>> discussion thread to all questions that are posted. >>> >>> *CCADB Case Number: *00000999 >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozilla%2FPrintViewForCase%3FCaseNumber%3D00000999&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=DYXHofn6Gz5utwyE3bNAhI%2FY48MvDewPnc87GFQ6KFc%3D&reserved=0> >>> >>> >>> *Organization Background Information:* >>> >>> - *CA Owner Name:* Atos Trustcenter >>> - *Website: *https://pki.atos.net/TrustedRoot/ >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FTrustedRoot%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=VPvuhLydpTBF2RsJsipxXkSztk%2FAhXTjrJo25j2YBXI%3D&reserved=0> >>> - *Address: *Lohberg 10 Meppen, 49716 Germany >>> - *Problem Reporting Mechanisms: *[email protected], >>> https://pki.atos.net >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=K8WhvuzqBqvlj09sEBFy3wuZHp1Z4JFFDO9tpZSt4Ow%3D&reserved=0> >>> - *Organization Type: *Private Corporation >>> - *Repository URL: >>> https://pki.atos.net/trustcenter/en/download/trusted-root-ca >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2Ftrustcenter%2Fen%2Fdownload%2Ftrusted-root-ca&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=crf%2BWNd2HMTGne83bvFb1OMO%2FatlR8KJjpuGjZIbrLs%3D&reserved=0>* >>> >>> >>> *Certificates Requesting Inclusion:* >>> >>> 1. *Atos TrustedRoot Root CA RSA G2 2020:* >>> >>> · Certificate download links (CA Repository >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSAG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=%2BUnKsoA7DDAzM4ukbxaqzhJgQHHnTGMKX2rCP7W15rQ%3D&reserved=0>, >>> crt.sh >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042572534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=v0ciEPfxQlH0cWeB9iq6gDcMrrksHes5%2B72nMoSZQlA%3D&reserved=0> >>> ) >>> >>> · Use cases served/EKUs: >>> >>> o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and >>> >>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>> >>> · Test websites: N/A >>> >>> *2. Atos TrustedRoot Root CA RSA TLS 2021:* >>> >>> · Certificate download links (CA Repository >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCARSATLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=axdcxdf5M4XH3k9BJV9ZP2QYiRIGbjYHpTNV9tw%2BctY%3D&reserved=0>, >>> crt.sh >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3D81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=v5kje7rswBeef1e8xi0X5ajrJN8gi0YHdT9OHJMiD4g%3D&reserved=0> >>> ) >>> >>> · Use cases served/EKUs: >>> >>> o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and >>> >>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>> >>> · Test websites: >>> >>> o Valid: https://tls-rsa-root-2021-pki-valid.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=wBSanOpe0jT61X085Mwcewj5J%2FWGQKXT7dbZPgcMvAc%3D&reserved=0> >>> >>> o Revoked: https://tls-rsa-root-2021-pki-revoked.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=ygep8%2BH%2FGrSvU9LLeWayp0xuiGN9%2FdlK6mD5ff%2B6hFc%3D&reserved=0> >>> >>> o Expired: https://tls-rsa-root-2021-pki-expired.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-rsa-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=Ie2xrqHfhWVa1gUXpCxmFtBU9T6B0X2wLcdPXh86FQ0%3D&reserved=0> >>> >>> >>> *3. Atos TrustedRoot Root CA ECC G2 2020:* >>> >>> · Certificate download links (CA Repository >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCG22020.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=YMHPIkGxqlqUpVmm99bgMeJeVDh5SrWu1P2a9r2053Y%3D&reserved=0>, >>> crt.sh >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DE38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=i%2B7BS4Bs6hJD2oYTrHW31B4kXn524cXfEwE9D7pivKQ%3D&reserved=0> >>> ) >>> >>> · Use cases served/EKUs: >>> >>> o Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4; and >>> >>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>> >>> · Test websites: N/A >>> >>> *4. Atos TrustedRoot Root CA ECC TLS 2021:* >>> >>> · Certificate download links (CA Repository >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRootRootCAECCTLS2021.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=ituchvEkkWKjp7bAK3oCKaMD93LBcuDEi2m8Q5yjiaM%3D&reserved=0>, >>> crt.sh >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DB2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=6k%2F2ZrhNbRFR%2B2XCFPh2Xk9GuCS46DIrMexyhIRjTBc%3D&reserved=0> >>> ) >>> >>> · Use cases served/EKUs: >>> >>> o Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; and >>> >>> o Client Authentication 1.3.6.1.5.5.7.3.2 >>> >>> · Test websites: >>> >>> o Valid: https://tls-ecc-root-2021-pki-valid.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-valid.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=4d8E6QOgGl4ksTNRGuV8cltcoLtI34%2FQe6MFpfpje7c%3D&reserved=0> >>> >>> o Revoked: https://tls-ecc-root-2021-pki-revoked.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-revoked.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=iXBbDumgZznaWqVqQ81m4Xu1%2BAXpNtMqchamZUfH0Q8%3D&reserved=0> >>> >>> o Expired: https://tls-ecc-root-2021-pki-expired.atos.net >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls-ecc-root-2021-pki-expired.atos.net%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=7dmNbGqug%2BShkEtH1A4xSgd16RhyP7KZFN7Jiw%2FZ4cw%3D&reserved=0> >>> >>> >>> *Existing Publicly Trusted Root CAs from Atos Trustcenter:* >>> >>> 1. *Atos TrustedRoot 2011 * >>> >>> · Certificate download links (CA Repository >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki-crl.atos.net%2Fcertificates%2FAtosTrustedRoot2011.pem&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=pdUy5syGNCKfco3e5NuMpUx4JY8MSfqLp2dDkWdeok8%3D&reserved=0>, >>> crt.sh >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcrt.sh%2F%3Fsha256%3DF356BEA244B7A91EB35D53CA9AD7864ACE018E2D35D5F8F96DDF68A6F41AA474&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=PKMPIhblmZBUHUcGD6s7iT0SWn7dr1VwV8a1TNcihj4%3D&reserved=0> >>> ) >>> >>> · Use cases served/EKUs: not defined >>> >>> · Certificate corpus: here >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsearch.censys.io%2Fcertificates%3Fq%3Df356bea244b7a91eb35d53ca9ad7864ace018e2d35d5f8f96ddf68a6f41aa474&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=g4j%2FLVKipGO%2FYLL4Z4qP1OoVkX1rK%2Bv8ruAGWtGMp20%3D&reserved=0> >>> (login required) >>> >>> · Included in: Apple; Google Chrome; Microsoft; Mozilla >>> >>> *Relevant Policy and Practices Documentation:* >>> >>> The following apply to all four (4) applicant root CAs: >>> >>> - >>> https://pki.atos.net/Download/Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_RootCA_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=kpfzhfuRQbHzjmHYMPQsUyLSfRBZaRPm%2BkAmScKHgkE%3D&reserved=0> >>> >>> - >>> https://pki.atos.net/Download/Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpki.atos.net%2FDownload%2FAtos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=PyOEjl8bKTyHFVHTh5rrREWGoZUiHpLI6se7FnYxqgE%3D&reserved=0> >>> >>> >>> >>> >>> *Most Recent Self-Assessment:* >>> >>> - https://bugzilla.mozilla.org/attachment.cgi?id=9293279 >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fattachment.cgi%3Fid%3D9293279&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=NCDl%2Bm1M9qTCy0uz8Zo%2BXUb6KokILehti6hc8bpm8es%3D&reserved=0> >>> (completed 9/6/2022) >>> >>> >>> >>> *Audit Statements:* >>> >>> - Auditor: datenschutz cert GmbH >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2F&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=E0NM2T%2FlAQLrT4pcEHO57RnpLaIMBCIrROg%2FahHhL%2Fk%3D&reserved=0> >>> - Audit Criteria: ETSI EN 319 411-1 >>> - Date of Audit Issuance: June 15, 2022 >>> - For Period Ending: April 27, 2022 >>> - Audit Statement(s): here >>> >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.datenschutz-cert.de%2Ffileadmin%2Fuploads%2Ftx_dscertcertlist%2FDSC1161_Atos_ATCA_Audit_Attestation.pdf&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=UeqT67yv%2BCTVPGy20K8RdajNEkQFImR9HZnAY3X%2FYQY%3D&reserved=0> >>> >>> >>> >>> >>> *Incident Summary (Bugzilla incidents from previous 24 months):* >>> >>> - None in the previous 24 months. >>> >>> >>> >>> *Quantifying Value:* >>> >>> - Not applicable. >>> >>> Thank you, >>> >>> Chris, on behalf of the CCADB Steering Committee >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "CCADB Public" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/ccadb.org/d/msgid/public/CAH8yC8kgm7G5WgTcO2j62YEQ3BmSbu2bCubx4_RppcpLSsiSvg%40mail.gmail.com >>> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fccadb.org%2Fd%2Fmsgid%2Fpublic%2FCAH8yC8kgm7G5WgTcO2j62YEQ3BmSbu2bCubx4_RppcpLSsiSvg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cmichael.risthaus%40atos.net%7C54eef3a4717b47dcff2708db0aea1ab7%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C638115774042728792%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=s%2BcEQfS51AEmgyKyfSvwGtQohRNxQwVcELImkxy4gKw%3D&reserved=0> >>> . >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "CCADB Public" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/ccadb.org/d/msgid/public/fbb1ea8910584e92a04a5b4c273b0eec%40atos.net >>> <https://groups.google.com/a/ccadb.org/d/msgid/public/fbb1ea8910584e92a04a5b4c273b0eec%40atos.net?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Kurt Seifried (He/Him) >> [email protected] >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CCADB Public" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/ccadb.org/d/msgid/public/CABqVa38U3bVMTfPj%3DVvDm%3DSCQH_dhLDwA%2BArmWEjAmK_T0FViA%40mail.gmail.com >> <https://groups.google.com/a/ccadb.org/d/msgid/public/CABqVa38U3bVMTfPj%3DVvDm%3DSCQH_dhLDwA%2BArmWEjAmK_T0FViA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mBrntsV8U5k7aYauU4BQp-e_G55ns_T8PNtBrGc6fR0hw%40mail.gmail.com.
