On May 10, 2024, we began a six-week, public discussion[1] on the request from Cybertrust Japan / JCSI for inclusion of its root certificate(s):
- SecureSign Root CA12 <https://crt.sh/?q=3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E> - SecureSign Root CA14 <https://crt.sh/?q=4B009C1034494F9AB56BBA3BA1D62731FC4D20D8955ADCEC10A925607261E338> - SecureSign Root CA15 <https://crt.sh/?q=E778F0F095FE843729CD1A0082179E5314A9C291442805E1FB1D8FB6B8886C3A> The public discussion period has now ended. We did not receive any objections or other questions or comments in opposition to Cybertrust Japan / JCSI’s request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (i.e., MDSP). [1] https://groups.google.com/a/ccadb.org/g/public/c/4OuyyOD-7ng/m/nl-bbjr-AQAJ Thank you -Chris, on behalf of the CCADB Steering Committee P.S. Members of this group may have noticed recent spam calendar invitation(s) related to past root inclusion public discussions. The CCADB Steering Committee only conducts root inclusion public discussions within this group as detailed on ccadb.org. Please ignore any spam as we continue to refine group moderation. The original senders have been blocked from the community. On Fri, Jun 14, 2024 at 2:57 PM Chris Clements <[email protected]> wrote: > All, > > This is a reminder that the public discussion period on the inclusion > application of Cybertrust Japan / JCSI will close on June 21, 2024. > > Thank you > -Chris, on behalf of the CCADB Steering Committee > > > On Fri, May 10, 2024 at 9:06 AM Chris Clements <[email protected]> > wrote: > >> All, >> >> This email commences a six-week public discussion of Cybertrust Japan / >> JCSI’s request to include the following three (3) certificates as publicly >> trusted root certificates in one or more CCADB Root Store Operator’s >> program. This discussion period is scheduled to close on June 21, 2024. >> >> The purpose of this public discussion process is to promote openness and >> transparency. However, each Root Store makes its inclusion decisions >> independently, on its own timelines, and based on its own inclusion >> criteria. Successful completion of this public discussion process does not >> guarantee any favorable action by any Root Store. >> >> Anyone with concerns or questions is urged to raise them on this CCADB >> Public list by replying directly in this discussion thread. Likewise, a >> representative of the applicant must promptly respond directly in the >> discussion thread to all questions that are posted. >> >> CCADB Case Number: 00000585 >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000585> >> >> Organization Background Information (listed in CCADB): >> >> - >> >> CA Owner Name: Cybertrust Japan / JCSI >> - >> >> Website: https://www.cybertrust.co.jp/ >> - >> >> Address: ARK Hills Sengokuyama Mori Tower 35F, 1-9-10 Roppongi, >> Minato-ku, Tokyo, 106-0032, Japan >> - >> >> Problem Reporting Mechanisms: [email protected] >> - >> >> Organization Type: Public Corporation >> - >> >> Repository URL: https://www.cybertrust.ne.jp/ssl/repository_rt/ >> >> Certificates Requested for Inclusion: >> >> 1. >> >> SecureSign Root CA12 (included in case 00000585 >> >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000585> >> ): >> - >> >> Certificate download links: (CA Repository >> <http://rtcrl.cybertrust.ne.jp/SecureSign/rtca12/rtca12.crt>, >> crt.sh >> >> <https://crt.sh/?q=3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E> >> ) >> - >> >> Use cases served/EKUs: >> 1. >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> 2. >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Test websites: >> 1. >> >> Valid: https://ss12-valid.managedpki.ne.jp >> 2. >> >> Revoked: https://ss12-revoked.managedpki.ne.jp >> 3. >> >> Expired: https://ss12-expired.managedpki.ne.jp >> 2. >> >> SecureSign Root CA14 (included in case 00000585 >> >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000585> >> ): >> - >> >> Certificate download links: (CA Repository >> <http://rtcrl.cybertrust.ne.jp/SecureSign/rtca14/rtca14.crt>, >> crt.sh >> >> <https://crt.sh/?q=4B009C1034494F9AB56BBA3BA1D62731FC4D20D8955ADCEC10A925607261E338> >> ) >> - >> >> Use cases served/EKUs: >> 1. >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> 2. >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> 3. >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> 4. >> >> Code Signing 1.3.6.1.5.5.7.3.3 >> 5. >> >> Time Stamping 1.3.6.1.5.5.7.3.8 >> - >> >> Test websites: >> 1. >> >> Valid: https://ss14-valid.managedpki.ne.jp >> 2. >> >> Revoked: https://ss14-revoked.managedpki.ne.jp >> 3. >> >> Expired: https://ss14-expired.managedpki.ne.jp >> 3. >> >> SecureSign Root CA15 (included in case 00000585 >> >> <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00000585> >> ): >> - >> >> Certificate download links: (CA Repository >> <http://rtcrl.cybertrust.ne.jp/SecureSign/rtca15/rtca15.crt>, >> crt.sh >> >> <https://crt.sh/?q=E778F0F095FE843729CD1A0082179E5314A9C291442805E1FB1D8FB6B8886C3A> >> ) >> - >> >> Use cases served/EKUs: >> 1. >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> 2. >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> 3. >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> 4. >> >> Code Signing 1.3.6.1.5.5.7.3.3 >> 5. >> >> Time Stamping 1.3.6.1.5.5.7.3.8 >> - >> >> Test websites: >> 1. >> >> Valid: https://ss15-valid.managedpki.ne.jp >> 2. >> >> Revoked: https://ss15-revoked.managedpki.ne.jp >> 3. >> >> Expired: https://ss15-expired.managedpki.ne.jp >> >> Existing Publicly Trusted Root CAs from Cybertrust Japan / JCSI: >> >> 1. >> >> SecureSign RootCA11: >> >> >> - >> >> Certificate download links: (CA Repository >> >> <http://rtcrl.managedpki.ne.jp/SecureSignAD/SecureSignRootCA11/SSAD-rca.crt>, >> crt.sh >> >> <https://crt.sh/?q=BF0FEEFB9E3A581AD5F9E9DB7589985743D261085C4D314F6F5D7259AA421612> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 >> - >> >> Client Authentication 1.3.6.1.5.5.7.3.2 >> - >> >> Certificate corpus: here >> >> <https://search.censys.io/search?resource=certificates&q=BF0FEEFB9E3A581AD5F9E9DB7589985743D261085C4D314F6F5D7259AA421612%09+and+labels%3Dever-trusted> >> (Censys login required) >> - >> >> Included in: Chrome, Microsoft, and Mozilla >> >> >> 2. >> >> Cybertrust iTrust Root Certification Authority: >> >> >> - >> >> Certificate download links: (CA Repository >> <http://crl.itrust.ne.jp/CybertrustiTrustRootCA/circa.crt>, crt.sh >> >> <https://crt.sh/?q=E90DBEB2D360CC6F98994EEFC68C4147F2DFD9C68A3BF063C6A971F3E11BAF4E> >> ) >> - >> >> Use cases served/EKUs: >> - >> >> Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 >> - >> >> Code Signing 1.3.6.1.5.5.7.3.3 >> - >> >> Certificate corpus: here >> >> <https://search.censys.io/search?resource=certificates&q=e90dbeb2d360cc6f98994eefc68c4147f2dfd9c68a3bf063c6a971f3e11baf4e+and+labels%3Dever-trusted> >> (Censys login required) >> - >> >> Included in: Microsoft >> >> Relevant Policy and Practices Documentation: >> >> The following policy documents apply to all applicant root CA >> certificates: >> >> - >> >> CP: https://www.cybertrust.ne.jp/ssl/repository_rt/CTJCP_English.pdf >> >> >> - >> >> CPS: https://www.cybertrust.ne.jp/ssl/repository_rt/CTJCPS_English.pdf >> >> >> Most Recent Self-Assessment: >> >> The following Self-Assessment applies to all applicant root CA >> certificates: >> >> - >> >> https://bugzilla.mozilla.org/attachment.cgi?id=9370203 (completed >> 12/25/2023) >> >> Audit Statements: >> >> - >> >> Auditor: KPMG <https://home.kpmg.com/us/en/home.html> (enrolled >> >> <https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international> >> through WebTrust) >> - >> >> Audit Criteria: WebTrust >> - >> >> Date of Audit Issuance: 12/6/2023 >> - >> >> For Period Ending: 10/5/2023 >> - >> >> Audit Statement(s): >> - >> >> Standard Audit >> >> <https://cpa.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=776f4813-a74b-45c0-a0b7-d9458cb63878> >> (covers all applicant root CA certificates) >> - >> >> TLS BR Audit >> >> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=aebe6e0f-5e5f-4085-a02e-29b1b1284095> >> (covers all applicant root CA certificates) >> - >> >> TLS EVG Audit >> >> <https://cpa.cpacanada.ca//GenericHandlers/CPACHandler.ashx?AttachmentID=4a71843c-7e5d-47f6-9b76-dad821913124> >> (covers all applicant root CA certificates) >> >> Incident Summary (Bugzilla incidents from previous 24 months): >> >> - >> >> 1827490 <https://bugzilla.mozilla.org/show_bug.cgi?id=1827490>: >> Cybertrust Japan: CRL signature algorithm encoding error >> >> >> Thank you >> >> -Chris, on behalf of the CCADB Steering Committee >> >> -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mDO0_xE%3Dg%2Boyf388Z%3DMj9Hwoy%3D7PFOzMZa0JkqNg%3D1iiA%40mail.gmail.com.
