All, Regarding the D-Trust Certification Practice Statement—instead of referencing the D-Trust Root PKI CPS, it should have referenced the CPS of the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 ( https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19 July 2023, the CSM PKI CPS applies to certificates with policy levels QEVCP-w, QNCP-w, EVCP, OVCP and LCP).
Also, it didn’t mention the following Bugzilla bugs opened in the past 24 months: 1756122 <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> D-TRUST: Wrong key usage (Key Agreement) <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> RESOLVED [dv-misissuance] 1793440 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> D-TRUST: CRL not DER-encoded <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> RESOLVED [crl-failure] 1861069 <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> OPEN [dv-misissuance] 1862082 <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> D-Trust: Delay beyond 5 days in revoking misissued certificate <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> OPEN [leaf-revocation-delay] Ben On Fri, Nov 3, 2023 at 9:39 AM Ben Wilson <[email protected]> wrote: > All, > > This email commences a six-week public discussion of D-Trust’s request to > include the following CA certificates as publicly trusted root certificates > in one or more CCADB Root Store Member’s program. This discussion period is > scheduled to close on December 15, 2023. > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any root store. > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > CCADB Case Numbers: # 1000 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001000> > and # 1001 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001001> > > Organization Background Information (listed in CCADB): > > - > > CA Owner Name: D-Trust GmbH > - > > Website: https://www.d-trust.net/en > - > > Address: Kommandantenstr. 15, Berlin, 10969, Germany > - > > Problem Reporting Mechanisms: > - > > https://www.d-trust.net/en/support/reporting-certificate-problem > - > > Organization Type: D-Trust GmbH is a subsidiary of the Bundesdruckerei > Group GmbH (bdr) and is fully owned by the German State. > - > > Repository URL: https://www.bundesdruckerei.de/en/Repository > > Certificates Requested for Inclusion: > > 1. > > D-Trust SBR Root CA 1 2022: > - > > 384-bit ECC > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt>, > crt.sh > > <https://crt.sh/?sha256=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > > > 1. > > D-Trust SBR Root CA 2 2022: > - > > 4096-bit RSA > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt>, > crt.sh > > <https://crt.sh/?sha256=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > Relevant Policy and Practices Documentation: > > - > > Certificate Policy - CP of D-Trust GmbH > <https://www.d-trust.net/internet/files/D-TRUST_CP.pdf>, v.5.1, valid > from 28-Sept-2023 > - > > Trust Services Practice Statement - TSPS of D-Trust > <https://www1.d-trust.net/internet/files/D-TRUST_TSPS.pdf>, v.1.8, > valid from 28-Sept-2023 > - > > Certification Practice Statement - CPS of the D-Trust Root PKI > <https://www1.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf>, > v.3.10, valid from 31-May-2023 > > Most Recent Self-Assessment / CPS Review: > > - > > D-Trust - CCADB Self Assessment (v1.2) 2023 > <https://bugzilla.mozilla.org/attachment.cgi?id=9361619> (XLS) > (2-November-2023) > > Audit Statements: > > - > > Auditor: TÜV Informationstechnik GmbH > - > > Audit Criteria: > - > > ETSI EN 319 411-1, V1.3.1 (2021-05) > - > > ETSI EN 319 401, V2.3.1 (2021-05) > - > > Baseline Requirements, version 1.8.4 > - > > ETSI EN 319 403 V2.2.2 (2015-08) > - > > ETSI TS 119 403-2 V1.2.4 (2020-11) > - > > Date of Audit Issuance: December 16, 2022 > - > > For Period of Time: 2022-07-06 to 2022-10-07 > - > > Audit Statement(s): > - > > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121606_D-Trust_SBR_Root_CA_1_2022.pdf > - > > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121607_D-Trust_SBR_Root_CA_2_2022.pdf > > > Thank you, > > Ben, on behalf of the CCADB Steering Committee > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaYeT4hP8Yj1gNwbG68pA1CcjjZVaFy%3D5ds0aqi3JrU2Yg%40mail.gmail.com.
