All, This email commences a six-week public discussion of Firmaprofesional’s request to include the “FIRMAPROFESIONAL CA ROOT-A WEB” as a publicly trusted root certificate in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on March 13, 2024.
The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store. Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted. CCADB Case Number: 00001044 <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001044>; Bugzilla: 1785215 <https://bugzilla.mozilla.org/show_bug.cgi?id=1785215> Organization Background Information (listed in CCADB): - CA Owner Name: Autoridad de Certificacion Firmaprofesional; Firmaprofesional S.A. - Website(s): https://www.firmaprofesional.com/ - Address: Passeig de Gracia 50, 2º1º, Barcelona E-08007, Spain - Problem Reporting Mechanism(s): [email protected] - Organization Type: Firmaprofesional S.A. is a commercial entity in Spain (NIF A62634068) - Repository URL: https://www.firmaprofesional.com/certification-policies-and-practices/ Certificates Requesting Inclusion: 1. FIRMAPROFESIONAL CA ROOT-A WEB: - Certificate download links: (CA Repository <https://crl.firmaprofesional.com/caroot-a_web.crt>, crt.sh <https://crt.sh/?sha256=BEF256DAF26E9C69BDEC1602359798F3CAF71821A03E018257C53C65617F3D4A> ) - Use cases served/EKUs: - Server Authentication 1.3.6.1.5.5.7.3.1 - Client Authentication 1.3.6.1.5.5.7.3.2 - Test websites: - Valid: https://testsslev2022ec.firmaprofesional.com - Revoked: https://testrevokedsslev2022ec.firmaprofesional.com - Expired: https://testexpiredsslev2022ec.firmaprofesional.com Existing Publicly Trusted Root CAs from Firmaprofesional S.A.: 1. Autoridad de Certificacion Firmaprofesional CIF A62634068: - Certificate download links: CA Repository <https://crl.firmaprofesional.com/caroot.crt> (most recent), - crt.sh <https://crt.sh/?q=57DE0583EFD2B26E0361DA99DA9DF4648DEF7EE8441C3B728AFA9BCDE0F9B26A> (most recent root certificate, included in Google, Microsoft, and Mozilla) - crt.sh <https://crt.sh/?q=04048028BF1F2864D48F9AD4D83294366A828856553F3B14303F90147F5D40EF> (prior root certificate, included in Apple, Microsoft) - Use cases served/EKUs: - Server Authentication 1.3.6.1.5.5.7.3.1 - Client Authentication 1.3.6.1.5.5.7.3.2 - Certificate Corpus (subCAs and OCSP): here <https://search.censys.io/search?resource=certificates&q=parsed.extensions.authority_key_id%3A+65cdebab351e003e7ed574c01cb473470e1a642f> (requires Censys account) - Included in: Apple, Chrome, Microsoft, Mozilla Relevant Policy and Practices Documentation: - Firmaprofesional CPS in English <https://www.firmaprofesional.com/wp-content/uploads/pdfs/FP_CPS-230413-EN-sFP.pdf>, version 230413 - Firmaprofesional Website Authentication Certificates CP in English <https://www.firmaprofesional.com/wp-content/uploads/pdfs/FP_CP_Autenticacion_Web-230616-EN-sFP.pdf>, version 230616 Most Recent Self-Assessment: - https://bugzilla.mozilla.org/attachment.cgi?id=9369465 (reviewed 12/19/2023) Audit Statements: - Auditor: DEKRA Testing and Certification, S.A.U. <https://www.dekra.com/en/home/> (accredited by ENAC <https://www.enac.es/documents/7020/9a29e298-3657-408e-b140-a8e70bf9dc09> ) - Audit Criteria: ETSI - Date of Audit Issuance: June 1, 2023 - For Period Ending: March 27, 2023 - Audit Statement(s): https://www.dekra.com/media/2302-fpr-fr-aal.pdf Incident Summary (Bugzilla incidents from previous 24 months): Bugzilla Title Opened 1769240 <https://bugzilla.mozilla.org/show_bug.cgi?id=1769240> Firmaprofesional: 2022 - SSL certificates issued with wrong Organization ID number <https://bugzilla.mozilla.org/show_bug.cgi?id=1769240> 2022-05-13 1771715 <https://bugzilla.mozilla.org/show_bug.cgi?id=1771715> Firmaprofesional: 2022 - StateorProvince field <https://bugzilla.mozilla.org/show_bug.cgi?id=1771715> 2022-05-30 1771722 <https://bugzilla.mozilla.org/show_bug.cgi?id=1771722> Firmaprofesional: 2022 - Title field <https://bugzilla.mozilla.org/show_bug.cgi?id=1771722> 2022-05-30 1771724 <https://bugzilla.mozilla.org/show_bug.cgi?id=1771724> Firmaprofesional: 2022 - CPS without correct explanation about difference between OCSP and CRL <https://bugzilla.mozilla.org/show_bug.cgi?id=1771724> 2022-05-30 1771727 <https://bugzilla.mozilla.org/show_bug.cgi?id=1771727> Firmaprofesional: 2022 - Define Device Obsolescence Process <https://bugzilla.mozilla.org/show_bug.cgi?id=1771727> 2022-05-30 1832338 <https://bugzilla.mozilla.org/show_bug.cgi?id=1832338> Firmaprofesional: 2023 - Ensure Timestamp service Logs Integrity <https://bugzilla.mozilla.org/show_bug.cgi?id=1832338> 2023-05-10 1832342 <https://bugzilla.mozilla.org/show_bug.cgi?id=1832342> Firmaprofesional: 2023 - documentary inconsistency <https://bugzilla.mozilla.org/show_bug.cgi?id=1832342> 2023-05-10 Thank you, Ben, on behalf of the CCADB Steering Committee -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaY9sZAfTDhhSz04mu82wqydxwcHTZmW8ep2Nh1xJv_3gQ%40mail.gmail.com.
