All, This email commences a six-week public discussion of Deutsche Telekom Security’s request to include the following CA certificates as publicly trusted root certificates in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on December 13, 2023.
The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store. Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted. CCADB Case Number: 00001269 <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001269> Organization Background Information (listed in CCADB): - CA Owner Name:Deutsche Telekom Security GmbH - Website: https://www.telesec.de/ - Address: Untere Industriestrasse 20, Netphen, 57250 Germany - Problem Reporting Mechanisms: https://www.telesec.de/en/kontakt-en - Organization Type: Private Corporation - Deutsche Telekom Security is a subsidiary of Deutsche Telekom AG - Repository URL: https://www.telesec.de/en/service/downloads/pki-repository/ Certificates Requesting Inclusion: 1. Telekom Security SMIME ECC Root 2021: - Certificate download links: (CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_SMIME_ECC_Root_2021.cer>, crt.sh <https://crt.sh/?sha256=3AE6DF7E0D637A65A8C81612EC6F9A142F85A16834C10280D88E707028518755> ) - Use cases served/EKUs: - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 - Test websites: N/A (S/MIME CA) 1. Telekom Security TLS ECC Root 2020: - Certificate download links: (CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_TLS_ECC_Root_2020.cer>, crt.sh <https://crt.sh/?sha256=578AF4DED0853F4E5998DB4AEAF9CBEA8D945F60B620A38D1A3C13B2BC7BA8E1> ) - Use cases served/EKUs: - Server Authentication 1.3.6.1.5.5.7.3.1 - Client Authentication 1.3.6.1.5.5.7.3.2 - Test websites: - Valid: https://active.tstlser20.test.telesec.de/ - Revoked:https://revoked.tstlser20.test.telesec.de/ - Expired: https://expired.tstlser20.test.telesec.de/ 1. Telekom Security SMIME RSA Root 2023: - Certificate download links: (CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_SMIME_RSA_Root_2023.cer>, crt.sh <https://crt.sh/?sha256=78A656344F947E9CC0F734D9053D32F6742086B6B9CD2CAE4FAE1A2E4EFDE048> ) - Use cases served/EKUs: - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 - Client Authentication 1.3.6.1.5.5.7.3.2 - Test websites: N/A (S/MIME CA) 1. Telekom Security TLS RSA Root 2023: - Certificate download links: (CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_TLS_RSA_Root_2023.cer>, crt.sh <https://crt.sh/?sha256=EFC65CADBB59ADB6EFE84DA22311B35624B71B3B1EA0DA8B6655174EC8978646> ) - Use cases served/EKUs: - Server Authentication 1.3.6.1.5.5.7.3.1 - Client Authentication 1.3.6.1.5.5.7.3.2 - Test websites: - Valid: https://active.tstlsrr23.test.telesec.de/ - Revoked: https://revoked.tstlsrr23.test.telesec.de/ - Expired: https://expired.tstlsrr23.test.telesec.de/ Existing Publicly Trusted Root CAs from Deutsche Telekom Security: 1. T-TeleSec GlobalRoot Class 2: - Certificate download links: CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_2.cer>, crt.sh <https://crt.sh/?q=91E2F5788D5810EBA7BA58737DE1548A8ECACD014598BC0B143E041B17052552> - Use cases served/EKUs: - Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 - Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 - Client Authentication 1.3.6.1.5.5.7.3.2 - Certificate Corpus: here <https://search.censys.io/search?resource=certificates&q=parsed.extensions.authority_key_id%3A+bf5920360079a0a0226b8cd5f261d2b82ccb824a> (requires Censys account) - Included in: Apple, Chrome, Microsoft, Mozilla 1. T-TeleSec GlobalRoot Class 3: - Certificate download links: CA Repository <https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_3.cer>, crt.sh <https://crt.sh/?q=FD73DAD31C644FF1B43BEF0CCDDA96710B9CD9875ECA7E31707AF3E96D522BBD> - Use cases served/EKUs: - Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; - Client Authentication 1.3.6.1.5.5.7.3.2 - Certificate Corpus: here <https://search.censys.io/search?resource=certificates&q=parsed.extensions.authority_key_id%3A+b503f7763b61826a12aa1853eb032194bffececa> (requires Censys account) - Included in: Apple, Chrome, Microsoft, Mozilla Relevant Policy and Practices Documentation: - Certificate Policy - v. 4.0 (Sept. 1, 2023), https://www.telesec.de/assets/downloads/PKI-Repository/Telekom-Security-CP-EN-V4.0.pdf - Certification Practices Statement - v. 6.0 (Sept. 1, 2023), https://www.telesec.de/assets/downloads/PKI-Repository/Telekom-Security-CPS-Public-EN-V6.0.pdf Most Recent Self-Assessment: - https://www.telesec.de/assets/downloads/2023-08-28_Telekom_Security_CCADB_Self_Assessment_Framework_v1.2.xlsx Audit Statements: - Auditor: TÜV Informationstechnik GmbH - Audit Criteria: ETSI EN 319 411-1 V1.3.1 (2021-05); ETSI EN 319 411-2, V2.4.1 (2021-11) - Date of Audit Letter Issuance: June 21, 2023 - For Period of Time: April 8, 2022, through April 7, 2023 - Audit Statement(s): - https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023062101_Telekom_Security_2023_V1.0.pdf Incident Summary (Bugzilla incidents from previous 24 months): - Improper use of a domain validation method (Bugzilla Bug #1825780 <https://bugzilla.mozilla.org/show_bug.cgi?id=1825780>) Thanks, Ryan, on behalf of the CCADB Steering Committee -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to public+unsubscr...@ccadb.org. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O_%3DkLcjqCLTj-XsBzVt94JgD0zA-HYfx9G711QVEr6HYQ%40mail.gmail.com.
