Greetings, This is a reminder that the public discussion period on the inclusion application of D-Trust will close next Friday, December 15, 2023.
Thank you, Ben Wilson, on behalf of the CCADB Steering Committee On Mon, Nov 6, 2023 at 10:02 AM Ben Wilson <[email protected]> wrote: > All, > > Regarding the D-Trust Certification Practice Statement—instead of > referencing the D-Trust Root PKI CPS, it should have referenced the CPS of > the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 ( > https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19 > July 2023, the CSM PKI CPS applies to certificates with policy levels > QEVCP-w, QNCP-w, EVCP, OVCP and LCP). > > Also, it didn’t mention the following Bugzilla bugs opened in the past 24 > months: > > 1756122 <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> > > D-TRUST: Wrong key usage (Key Agreement) > <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> > > RESOLVED > > [dv-misissuance] > > 1793440 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> > > D-TRUST: CRL not DER-encoded > <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> > > RESOLVED > > [crl-failure] > > 1861069 <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> > > D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field > within subject <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> > > OPEN > > [dv-misissuance] > > 1862082 <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> > > D-Trust: Delay beyond 5 days in revoking misissued certificate > <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> > > OPEN > > [leaf-revocation-delay] > > > > Ben > > On Fri, Nov 3, 2023 at 9:39 AM Ben Wilson <[email protected]> wrote: > >> All, >> >> This email commences a six-week public discussion of D-Trust’s request to >> include the following CA certificates as publicly trusted root certificates >> in one or more CCADB Root Store Member’s program. This discussion period is >> scheduled to close on December 15, 2023. >> >> The purpose of this public discussion process is to promote openness and >> transparency. However, each Root Store makes its inclusion decisions >> independently, on its own timelines, and based on its own inclusion >> criteria. Successful completion of this public discussion process does not >> guarantee any favorable action by any root store. >> >> Anyone with concerns or questions is urged to raise them on this CCADB >> Public list by replying directly in this discussion thread. Likewise, a >> representative of the applicant must promptly respond directly in the >> discussion thread to all questions that are posted. >> >> CCADB Case Numbers: # 1000 >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001000> >> and # 1001 >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001001> >> >> Organization Background Information (listed in CCADB): >> >> - >> >> CA Owner Name: D-Trust GmbH >> - >> >> Website: https://www.d-trust.net/en >> - >> >> Address: Kommandantenstr. 15, Berlin, 10969, Germany >> - >> >> Problem Reporting Mechanisms: >> - >> >> https://www.d-trust.net/en/support/reporting-certificate-problem >> - >> >> Organization Type: D-Trust GmbH is a subsidiary of the >> Bundesdruckerei Group GmbH (bdr) and is fully owned by the German State. >> - >> >> Repository URL: https://www.bundesdruckerei.de/en/Repository >> >> Certificates Requested for Inclusion: >> >> 1. >> >> D-Trust SBR Root CA 1 2022: >> - >> >> 384-bit ECC >> - >> >> Certificate download links: (CA Repository >> <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt>, >> crt.sh >> >> <https://crt.sh/?sha256=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> - >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Document Signing AATL 1.2.840.113583.1.1.5 >> - >> >> Document Signing MS 1.3.6.1.4.1.311.10.3.12 >> >> >> >> 1. >> >> D-Trust SBR Root CA 2 2022: >> - >> >> 4096-bit RSA >> - >> >> Certificate download links: (CA Repository >> <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt>, >> crt.sh >> >> <https://crt.sh/?sha256=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> - >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Document Signing AATL 1.2.840.113583.1.1.5 >> - >> >> Document Signing MS 1.3.6.1.4.1.311.10.3.12 >> >> Relevant Policy and Practices Documentation: >> >> - >> >> Certificate Policy - CP of D-Trust GmbH >> <https://www.d-trust.net/internet/files/D-TRUST_CP.pdf>, v.5.1, valid >> from 28-Sept-2023 >> - >> >> Trust Services Practice Statement - TSPS of D-Trust >> <https://www1.d-trust.net/internet/files/D-TRUST_TSPS.pdf>, v.1.8, >> valid from 28-Sept-2023 >> - >> >> Certification Practice Statement - CPS of the D-Trust Root PKI >> <https://www1.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf>, >> v.3.10, valid from 31-May-2023 >> >> Most Recent Self-Assessment / CPS Review: >> >> - >> >> D-Trust - CCADB Self Assessment (v1.2) 2023 >> <https://bugzilla.mozilla.org/attachment.cgi?id=9361619> (XLS) >> (2-November-2023) >> >> Audit Statements: >> >> - >> >> Auditor: TÜV Informationstechnik GmbH >> - >> >> Audit Criteria: >> - >> >> ETSI EN 319 411-1, V1.3.1 (2021-05) >> - >> >> ETSI EN 319 401, V2.3.1 (2021-05) >> - >> >> Baseline Requirements, version 1.8.4 >> - >> >> ETSI EN 319 403 V2.2.2 (2015-08) >> - >> >> ETSI TS 119 403-2 V1.2.4 (2020-11) >> - >> >> Date of Audit Issuance: December 16, 2022 >> - >> >> For Period of Time: 2022-07-06 to 2022-10-07 >> - >> >> Audit Statement(s): >> - >> >> >> >> https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121606_D-Trust_SBR_Root_CA_1_2022.pdf >> - >> >> >> >> https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121607_D-Trust_SBR_Root_CA_2_2022.pdf >> >> >> Thank you, >> >> Ben, on behalf of the CCADB Steering Committee >> > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaZTiuhNjaTmALHqJ1UA%3DRYmp7tUP8XSVha4BAFxnMyd%3Dg%40mail.gmail.com.
