Re: TunRootCA2 root inclusion request

2018-02-28 Thread Olfa Kaddachi via dev-security-policy
Dear Jonathan, Given the misissued certificates in CT under the existing root, I believe this request should be rejected, and a new clean root with audits should be required before moving forward. ==>All the misissued certificates have been revoked by the NDCA and new correct ones were

Re: TunRootCA2 root inclusion request

2018-02-27 Thread Olfa Kaddachi via dev-security-policy
Dear Wayne, The TunRootCA2 root CA operates under the following CPS: http://www.certification.tn/pub/PC-PDC_AC_RACINE-NG-01-EN.pdf ==> The TunRootCA2 operates under a new version of the CP/CPS: : http://www.certification.tn/sites/default/files/documents/CPCPS-NG-EN-02.pdf The

Re: TunRootCA2 root inclusion request

2017-08-03 Thread Olfa Kaddachi via dev-security-policy
Dear Gerv, Given that some of these are BR requirements, why were these controls not in place already? ==> Some of these controls are already in place (such as the field CN and Subject Alternative Name that does not contain a private IP address). In addition to that NDCA has implemented a

Re: TunRootCA2 root inclusion request

2017-07-31 Thread Olfa Kaddachi via dev-security-policy
Hi Jonathan, Please find below the description of the technical and organizational controls required: 1) The currently process of certificates issuance is composed by 4 steps: step 1: Registration process: This step consists of the verification of the following items: •the subscriber identify