Closed Bug 833986 Opened 11 years ago Closed 7 years ago

Add Symantec-brand Class 1 and Class 2 roots

Categories: CA Program :: CA Certificate Root Program
Type: task
Priority: Not set
Severity: normal

Tracking: (Not tracked)

RESOLVED FIXED

People

(Reporter: rick_andrews, Assigned: kwilson)

References

Details

(Whiteboard: In NSS 3.28.1, Firefox 51)

Attachments

(8 files, 2 obsolete files)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130116073211

Steps to reproduce:

I would like to add new Symantec roots to Mozilla's trust list:
Symantec Class 1 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 2 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 3 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 3 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 3 Public Primary Certification Authority - G6 (SHA384WithRSA4096)
I apologize for the delay in my response. My work on root inclusion requests was postponed for a while.

I am accepting this bug, and will work on it as soon as possible, but I have a large backlog.
https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Information_Gathering_and_Verification_Phase

I will update this bug when I begin the Information Verification phase.
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Symantec already has 34 root certs included in NSS. Please review the list of included Symantec root certs, and determine which of those may be phased out. I would like to see a time frame for removing some of the old root certs. 
Also, I would like more detail about which of the old roots will eventually be replaced by these new roots, and an approximate time frame for when the old roots will be phased out (assuming these new roots are included in 2013).

I only see 3 of these root certs in the download page that was given (https://www.symantec.com/page.jsp?id=roots).

OCSP is required, and is a blocker for moving forward with the approval process.

Need audit statement that includes these new roots/hierarchies.
Whiteboard: Information incomplete
We've tested one of the roots that issues SSL certs, Symantec Class 3 Public Primary Certification Authority - G7 (SHA256WithDSA2048), and don't see a green bar.

Below is the test_ev_roots.txt file content :

1_fingerprint 75:92:75:24:04:90:C9:E4:03:F3:B4:86:99:40:33:FF:F4:D7:E5:66
2_readable_oid 2.16.840.1.113733.1.7.54
3_issuer MIGUMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNw==
4_serial CFJoMC6+eik4Y3Mi3+VSDA==

Test web site: https://ssltest37.ssl.symclab.com

Please advise. Are we doing something wrong in building test_ev_roots.txt?
Kathleen,

We've tested EV with nightly FF 30 and the three Class 3 roots above, and don't see the green bar. Here's the relevant info:

1.	Symantec Class 3 PCA - G7 – ssltest37.ssl.symclab.com
Symantec Class 3 Public Primary Certification Authority – G7
1_fingerprint 75:92:75:24:04:90:C9:E4:03:F3:B4:86:99:40:33:FF:F4:D7:E5:66
2_readable_oid 2.16.840.1.113733.1.7.54
3_issuer MIGUMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNw==
4_serial CFJoMC6+eik4Y3Mi3+VSDA==
                 
2.	Symantec Class 3 PCA - G4 – ssltest36.ssl.symclab.com
Symantec Class 3 Public Primary Certification Authority - G4
1_fingerprint 58:D5:2D:B9:33:01:A4:FD:29:1A:8C:96:45:A0:8F:EE:7F:52:92:82
2_readable_oid 2.16.840.1.113733.1.7.23.6
3_issuer MIGUMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNA==
4_serial THm1miicdjFk9YlE0JEC3g==


3.	Symantec Class 3 PCA - G6 – ssltest38.ssl.symclab.com
Symantec Class 3 Public Primary Certification Authority - G6
1_fingerprint 26:A1:6C:23:5A:24:72:22:9B:23:62:80:25:BC:80:97:C8:85:24:A1
2_readable_oid 2.16.840.1.113733.1.7.23.6
3_issuer MIGUMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNg==
4_serial ZWNxhdNvRcaPfzH5CYeSgg==

Also, six of the roots (Class 1 and Class 2) are for S/MIME only, not SSL or code signing. Do you still need us to demonstrate OCSP support for those? How will you verify that?
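The four fields of a test_ev_roots.txt entry are the SHA-1 fingerprint of the root, the EV policy OID, the base64 DER encoding of the issuer Name, and the base64 serial number. Decoding the entry quoted above shows what those opaque strings actually identify, which is the first thing to check when the green bar does not appear. The following is an added example written for this page, not code from the bug or from Mozilla's or Symantec's tooling; it uses only the Python standard library, SAMPLE_ENTRY is the Class 3 G7 entry from the comment above reproduced verbatim, and the DER parser is deliberately minimal (it handles only the SEQUENCE/SET/OID/string structure of an X.501 Name, which is all this field contains).

```python
import base64

# Constructed sample: the Class 3 G7 entry quoted in the comment above.
SAMPLE_ENTRY = """\
1_fingerprint 75:92:75:24:04:90:C9:E4:03:F3:B4:86:99:40:33:FF:F4:D7:E5:66
2_readable_oid 2.16.840.1.113733.1.7.54
3_issuer MIGUMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxRTBDBgNVBAMTPFN5bWFudGVjIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNw==
4_serial CFJoMC6+eik4Y3Mi3+VSDA==
"""

# X.500 attribute types that appear in CA names (dotted OID -> short name).
ATTR_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
              "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU"}

# DER string tags and the codec each one uses.
STRING_CODECS = {0x13: "ascii", 0x0C: "utf-8", 0x16: "ascii", 0x1E: "utf-16-be"}


def parse_entries(text):
    """Split test_ev_roots.txt text into one dict per root.

    Each line is "<n>_<field> <value>"; a new "fingerprint" line starts a new
    entry. Returns dicts keyed by field name without the ordinal prefix.
    """
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        field = key.split("_", 1)[1]
        if field == "fingerprint" and current:
            entries.append(current)
            current = {}
        current[field] = value.strip()
    if current:
        entries.append(current)
    return entries


def _read_tlv(data, pos):
    """Read one DER tag/length/value starting at pos; return (tag, value, end)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn DER OID content octets into dotted-decimal form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def decode_name(b64):
    """Decode a base64 DER X.501 Name (the 3_issuer field) into [(attr, value), ...]."""
    der = base64.b64decode(b64)
    tag, name, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    rdns, pos = [], 0
    while pos < len(name):  # each RDN is a SET of AttributeTypeAndValue
        tag, rdn, pos = _read_tlv(name, pos)
        if tag != 0x31:
            raise ValueError("RDN must be a SET")
        inner = 0
        while inner < len(rdn):
            _, atv, inner = _read_tlv(rdn, inner)
            _, oid_raw, p = _read_tlv(atv, 0)
            str_tag, val_raw, _ = _read_tlv(atv, p)
            oid = decode_oid(oid_raw)
            codec = STRING_CODECS.get(str_tag, "utf-8")
            rdns.append((ATTR_NAMES.get(oid, oid), val_raw.decode(codec)))
    return rdns


def format_dn(rdns):
    """Render decoded RDNs as a comma-separated DN string."""
    return ", ".join(f"{attr}={value}" for attr, value in rdns)


def decode_serial(b64):
    """Decode the base64 serial (4_serial) into uppercase hex."""
    return base64.b64decode(b64).hex().upper()


def describe(entry):
    """Return the human-readable view of one parsed entry."""
    return {
        "fingerprint": entry["fingerprint"],
        "ev_policy_oid": entry["readable_oid"],
        "issuer": format_dn(decode_name(entry["issuer"])),
        "serial_hex": decode_serial(entry["serial"]),
    }


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_ENTRY):
        for key, value in describe(entry).items():
            print(f"{key}: {value}")
```

For the entry above this prints the issuer as C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Public Primary Certification Authority - G7 and a 16-byte serial. When debugging a missing green bar, compare the decoded issuer and serial against the root that the test server's chain actually terminates in: the entry only takes effect if they identify that exact certificate, which is one of the checks on the "Not getting EV treatment?" list referenced later in this bug.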
(In reply to Kathleen Wilson from comment #3)
Please note that the qualified BR audit report sent via email covers all the roots requested above.
Also, please let us know the response to Rick's question above.

Thanks,
Rashmi
(In reply to Rashmi Tabada from comment #6)
> (In reply to Kathleen Wilson from comment #3)
> Please note that the qualified BR audit report sent via email covers all the
> roots requested above.

Mozilla policy and process requires public-facing audit statements.

https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
"6. We require that all CAs whose certificates are distributed with our software products:  ...
- provide public attestation of their conformance to the stated verification requirements"

You can attach it to this bug, but keep in mind that anything you attach to the bug is public-facing.


(In reply to Rick Andrews from comment #5)
> 
> We've tested EV with nightly FF 30 and the three Class 3 roots above, and
> don't see the green bar. Here's the relevant info:
> 

Please check for the things listed here:
https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version#Not_Getting_EV_Treatment.3F

> 
> Also, six of the roots (Class 1 and Class 2) are for S/MIME only, not SSL or
> code signing. Do you still need us to demonstrate OCSP support for those?

I only check for OCSP when the websites (SSL/TLS) trust bit is to be enabled.
Please also see https://bugzilla.mozilla.org/show_bug.cgi?id=833974#c17 as that applies to these roots as well.
(In reply to Kathleen Wilson from comment #8)
> Please also see https://bugzilla.mozilla.org/show_bug.cgi?id=833974#c17 as
> that applies to these roots as well.

Here's relevant quotes from a discussion regarding CP/CPS documentation.
https://groups.google.com/d/msg/mozilla.dev.security.policy/3lCs67vjz4M/fA1qDGRMGD4J
BR section 8.2.1: "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements." 
When I review a CP/CPS, I'm looking for information that demonstrates compliance with Mozilla's policy. Among other things, I look for a description of the actions that a CA takes to confirm ownership/control of the domain name to be included in the certificate.
The EV Guidelines take subscriber verification to a higher level, so I am fine with a CP/CPS that says that *in addition* to the steps taken for DV/OV certs, the EV Guidelines are followed.
(In reply to Kathleen Wilson from comment #9)

Hi Kathleen,
Our process is documented on our supported pages; information that is shared publicly. Please see the link below:
https://knowledge.verisign.com/support/ssl-certificates-support/index.html
(Look at the "Order Validation Support" box)

Additionally, our process is also mentioned in Section 3.2.2 (Authentication of Organization identity) in the CPS: https://www.symantec.com/content/en/us/about/media/repository/stn-cps.pdf

Please let me know if you have further questions.

Regards,
Rashmi
Please note that our BR audit reports are posted here: http://www.symantec.com/about/profile/policies/repository.jsp
Kathleen,

Please comment on which of the Symantec roots are in the Mozilla root store and which of those are EV-enabled.

Thanks,
Rashmi
(In reply to Rashmi Tabada from comment #12)
> Please comment on which of the Symantec roots are in the Mozilla root store
> and which of those are EV-enabled.

https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/included/
Now that there is a published BR audit statement, I'm ready to start working on this request. However, it's too big of a request to do all at once, so I would like to break it down into groups of 3 certs.

Would you prefer to start with all of the Class 3 certs, since those are most applicable to Mozilla products? i.e. start with these three:
Symantec Class 3 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 3 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 3 Public Primary Certification Authority - G6 (SHA384WithRSA4096)

Or, would you prefer to group them based on G4, G6, and G7?
(In reply to Kathleen Wilson from comment #14)
> Now that there is a published BR audit statement, I'm ready to start working
> on this request. However, it's too big of a request to do all at once, so I
> would like to break it down into groups of 3 certs.
> 
> Would you prefer to start with all of the Class 3 certs, since those are
> most applicable to Mozilla products? i.e. start with these three:
> Symantec Class 3 Public Primary Certification Authority - G7
> (SHA256WithDSA2048)
> Symantec Class 3 Public Primary Certification Authority - G4
> (SHA384WithECCp384)
> Symantec Class 3 Public Primary Certification Authority - G6
> (SHA384WithRSA4096)
> 
> Or, would you prefer to group them based on G4, G6, and G7?

Hi Kathleen,
Below are the 3 groups of roots in priority order. I will log bugzilla tickets for the 2nd and 3rd groups of roots. FYI.

Group 1
Symantec Class 3 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048)


Group 2
Symantec Class 3 Public Primary Certification Authority - G6 (SHA384WithRSA4096)
Symantec Class 3 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384)

Group 3
Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 2 Public Primary Certification Authority - G7 (SHA256WithDSA2048)
Symantec Class 1 Public Primary Certification Authority - G7 (SHA256WithDSA2048)

Regards,
Rashmi
Hi Kathleen,

The original number 1 request has been broken up into 3 bugs and below is the overall prioritized list:
1. Bug 833986 - Add new Symantec branded roots
2. Bug 1099311 - Add new Symantec branded roots 
3. Bug 1099315 - Add new Symantec branded roots 
4. Bug #833974 - VeriSign - set EV Trust Bit for an already included ECC root 
5. Bug #833998 - Thawte - set EV Trust Bit for an already included ECC root 
6. Bug #834004 - GeoTrust - set EV Trust Bit for an already included ECC root 
7. Bug #833996 - Thawte - Add new DSA root 
8. Bug #834001 - GeoTrust - Add new DSA root 

There are few other requests about turning off the trust bits which I assume will happen in parallel and don’t need to be prioritized in the list above.

Regards,
Rashmi
(In reply to Rashmi Tabada from comment #16)
> Hi Kathleen,
> 
> The original number 1 request has been broken up into 3 bugs and below is
> the overall prioritized list:
> 1. Bug 833986 - Add new Symantec branded roots
> 2. Bug 1099311 - Add new Symantec branded roots 
> 3. Bug 1099315 - Add new Symantec branded roots 
> 4. Bug #833974 - VeriSign - set EV Trust Bit for an already included ECC
> root 
> 5. Bug #833998 - Thawte - set EV Trust Bit for an already included ECC root 
> 6. Bug #834004 - GeoTrust - set EV Trust Bit for an already included ECC
> root 
> 7. Bug #833996 - Thawte - Add new DSA root 
> 8. Bug #834001 - GeoTrust - Add new DSA root 

Thanks. I will try to work on the first one next week.

> 
> There are few other requests about turning off the trust bits which I assume
> will happen in parallel and don’t need to be prioritized in the list above.

Correct. Turning off trust bits may be handled in a separate bug, and those types of changes do not have to go through the approval process. The changes to turn off trust bits would just get added to the next batch of root changes.
(In reply to Rashmi Tabada from comment #15)
> Group 1
> Symantec Class 3 Public Primary Certification Authority - G7
> (SHA256WithDSA2048)
> Symantec Class 1 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)
> Symantec Class 2 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)

For each, please provide:
1) Test website (SSL) or test certificate and chain (for non-SSL)
2) URL to the corresponding CP/CPS
I'm not finding the "Symantec Class 3 Public Primary Certification Authority - G7" root on the web page: http://www.symantec.com/page.jsp?id=roots

What is the url for downloading this root cert?
From the STN-CPS: The STN includes four classes of Certificates, Classes 1-4. The CP is a single document that defines these certificate policies, one for each of the Classes, and sets STN Standards for each Class.

Does that mean there is a separate CP document for Class 1, and a different CP document for Class 2, etc?
If yes, please tell me how to find these documents.
(In reply to Kathleen Wilson from comment #20)
> From the STN-CPS: The STN includes four classes of Certificates, Classes
> 1-4. The CP is a single document that defines these certificate policies,
> one for each of the Classes, and sets STN Standards for each Class.
> 
> Does that mean there is a separate CP document for Class 1, and a different
> CP document for Class 2, etc?
> If yes, please tell me how to find these documents.

Hi Kathleen, 
The CPS is a single document that defines the policies for all 4 classes of Certs.

(In reply to Kathleen Wilson from comment #19)
> I'm not finding the "Symantec Class 3 Public Primary Certification Authority
> - G7" root on the web page: http://www.symantec.com/page.jsp?id=roots
> 
> What is the url for downloading this root cert?

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1885&actp=search&viewlocale=en_US&searchid=1417452592505
I have entered the information for this bug into SalesForce, and generated the attached document to show the current status.

Please search for "Need Clarification" to find all the areas where information/clarification is still needed.

Also, please review the full document to ensure all of the information is correct/complete.
Hi Kathleen,

I reviewed the document and I am unsure what "clarification" is still needed?  there is a response from us and then the "Verified?" says "Need Clarification from CA"...not sure what further clarification is needed. Please explain.

Thanks,
Rashmi
Need From Symantec:

1) Review my notes (in the attached document) regarding Symantec's responses to Mozilla's list Recommended Practices ( https://wiki.mozilla.org/CA:Recommended_Practices#CA_Recommended_Practices ). Are they accurate? Other than the clarifications noted, does Symantec follow the list of recommended practices on that wiki page?

2) Review my notes (in the attached document) regarding Symantec's responses to Mozilla's list of Potentially Problematic Practices (https://wiki.mozilla.org/CA:Problematic_Practices#Potentially_problematic_CA_practices ). Are my notes accurate? Other than the clarifications noted, does Symantec do any of those potentially problematic practices?

3) For each root certificate, please provide information about the CA hierarchy.
Are there any externally-operated subCAs chaining up to the root?
Or, will there be any externally-operated subCAs chaining up to the root?
How are they constrained according to sections 9 through 10 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ ?
Has the root been involved in cross-signing with other roots currently included in Mozilla's root store? If yes, which roots?
What technical constraints exist for external RAs?

4) For each root, what is the link to the publicly disclosed/audited subCAs for this root? i.e. for the subCAs that are not technically constrained. See https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Frequently_Asked_Questions

5) For the "Symantec Class 3 Public Primary Certification Authority - G7" root:
a) Provide a test website whose EV SSL cert chains up to this root.
b) Provide the CRL/OCSP urls for this CA hierarchy
c) Provide the EV Policy OID
d) Provide the successful EV test output https://wiki.mozilla.org/PSM:EV_Testing_Easy_Version
e) Which browsers has this root been included in?
f) Need CP/CPS section that describes the domain verification procedures that may be used for SSL certs. Please see https://wiki.mozilla.org/CA:BaselineRequirements#CA_Conformance_to_the_BRs "It is not sufficient to simply reference section 11 of the CA/Browser Forum's Baseline Requirements (BR). ...
(In reply to Rashmi Tabada from comment #15)
> Group 1
> Symantec Class 3 Public Primary Certification Authority - G7
> (SHA256WithDSA2048)

> Group 3
> Symantec Class 2 Public Primary Certification Authority - G7
> (SHA256WithDSA2048)
> Symantec Class 1 Public Primary Certification Authority - G7
> (SHA256WithDSA2048)

We are removing support for DSA/DSS certificates completely from Gecko and mozilla::pkix. Whether or not this certificate should be added should be contingent on the results of bug 1073867 and bug 1107787.
See Also: → 1073867, 1107787
(In reply to Kathleen Wilson from comment #26)
1. accurate
2. accurate
3-5.
Root Cases
(1)	Symantec Class 1 Public Primary Certification Authority – G6
   a)	Root will be used to sign Class 1 SubCAs for SMIME and Client Auth purposes.  SubCA keys will operate at Symantec or Symantec Affiliate sites.
   b)	Yes, there may be externally operated SubCAs chaining to this Root.  The externally operated CAs will be run by Symantec Affiliates.
   c)	Has the root been involved in cross-signing with other roots currently included in Mozilla’s root store? If yes, which roots? No
   d)	How is the root constrained according to sections 9 through 10 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/?  The Root is audited.

(2)	Symantec Class 2 Public Primary Certification Authority – G6 root cert
   a)	Root will be used to sign Class 2 SubCAs for SMIME and Client Auth purposes.  SubCA keys will operate at Symantec or Symantec Affiliate sites.
   b)	There may be externally operated SubCAs chaining to this Root.  The externally operated CAs will be run by Symantec Affiliates.
   c)	Has the root been involved in cross-signing with other roots currently included in Mozilla’s root store? If yes, which roots? No
   d)	How is the root constrained according to sections 9 through 10 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/? The Root is audited.

(3)	Symantec Class 3 Public Primary Certification Authority – G7
   a)	Root will be used to sign Class 3 SubCAs for SSL, CodeSigning, TimeStamping, Client Auth purposes. 
   b)	Are there or will there be any externally-operated subCAs chaining up to the root? No
   c)	Has the root been involved in cross-signing with other roots currently included in Mozilla’s root store? If yes, which roots? No
   d)	How is the root constrained according to sections 9 through 10 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/?  The Root is audited.
   e)	Provide a test website whose EV SSL cert chains up to this root. https://ssltest37.ssl.symclab.com
   f)	Provide the CRL/OCSP urls for this CA hierarchy
      Root CA:  CRL = s1.symcb.com/pca3-g7.crl  OCSP = s2.symcb.com
      EV SubCA: CRL = sp.symcb.com/sp.crl  OCSP = sp.symcd.com
   g)	Provide the EV Policy OID - 2.16.840.1.113733.1.7.23.6
   h)	Which browsers has this root been included in? None due to lack of support for DSA2 key sizes.
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #27)
> 
> We are removing support for DSA/DSS certificates completely from Gecko and
> mozilla::pkix. Whether or not this certificate should be added should be
> contingent on the results of bug 1073867 and bug 1107787.


I started a discussion about DSA support in mozilla.dev.security.policy.

https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/PI4G7aU83kMJ

Symantec is the only CA I'm aware of who is trying to add DSA roots to Mozilla's root store, and it appears to be a priority for Symantec. So it would be very helpful if someone from Symantec will chime into the discussion to explain the need to support DSA certificates and the need to include DSA roots.
(In reply to Kathleen Wilson from comment #29)
> I started a discussion about DSA support in mozilla.dev.security.policy.
> 
> https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/
> PI4G7aU83kMJ
> 
> Symantec is the only CA I'm aware of who is trying to add DSA roots to
> Mozilla's root store, and it appears to be a priority for Symantec. So it
> would be very helpful if someone from Symantec will chime into the
> discussion to explain the need to support DSA certificates and the need to
> include DSA roots.

The current consensus in the discussion is to not update Mozilla policy to support DSA, and to not include DSA roots. 

So, if you folks at Symantec feel strongly about including DSA roots, please contribute to the discussion to help us understand the need.
(In reply to Kathleen Wilson from comment #30)
Hi Kathleen,

Unable to find the forum on google groups. Please confirm the URL. Thanks.

Meanwhile, here is our response:
Symantec supports customer choice in algorithm selection and we have customers that take advantage of that choice (including DSA) today. Whether to support organizational policies that require the use of DSA or to provide an alternative to RSA in the event that any vulnerabilities in that algorithm are identified in the future, we recommend that Mozilla continues to distinguish itself from other browsers by continuing its support for DSA. Thank you.
(In reply to Rashmi Tabada from comment #31)
> (In reply to Kathleen Wilson from comment #30)
> Hi Kathleen,
> 
> Unable to find the forum on google groups. Please confirm the URL. Thanks.

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/JFmDFlHILOY/PI4G7aU83kMJ

Please respond in the discussion.
Rashmi, 

Thank you for responding in the discussion in mozilla.dev.security.policy.

So far, yours is the only post in favor of adding DSA support to Mozilla's CA policy. So it is highly unlikely that we will add DSA support to Mozilla's CA policy, which means that we will not include DSA roots.

In regards to your argument to have an alternative to RSA, Symantec does already have ECC roots included.

Unless there is a very convincing argument to add DSA support to Mozilla's CA policy, I think we should proceed under the assumption that the DSA roots will not be approved for inclusion.

Please see Comment #15, and provide new priority order (in groups of 3 or less) in which we should proceed with the approval/inclusion process sans the DSA roots.

Thanks,
Kathleen
I just checked and FYI MS has not added the DSA roots either.
Thinking about it, it is funny that VeriSign finally added support for DSA certificates way too late, after it had already been replaced by ECDSA (which they also added support for). Remember the RSA patent?
Mozilla does not plan to add DSA support to Mozilla's CA Certificate Policy, so we will not add DSA root certs to NSS.
https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/KHJzcJezpnQJ

So how about if we work on the remaining Symantec-branded roots in this order?

Group 1 (this bug) - Symantec-branded roots that will only have the Email trust bit enabled.
Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384)

Group 2 (Bug #1099311) - Symantec-branded roots that will have the Websites trust bit enabled.
Symantec Class 3 Public Primary Certification Authority - G6 (SHA384WithRSA4096)
Symantec Class 3 Public Primary Certification Authority - G4 (SHA384WithECCp384)


OK?

If yes, then I'll close Bug #1099315, and proceed with processing the first group.
I think it would be better to start with the certs that will have the websites trust bit enabled (class 3, bug 1099311) since those are more relevant for most users of NSS and Gecko.
Brian, from a Mozilla perspective, I agree with you. However, the NSS root store is used by others, so a representative of Symantec needs to state what their priorities are.
Hi Kathleen,

We are okay with Grouping as you've stated below.  Thanks.

-Rashmi

(In reply to Kathleen Wilson from comment #36)
> Mozilla does not plan to add DSA support to Mozilla's CA Certificate Policy,
> so we will not add DSA root certs to NSS.
> https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/KHJzcJezpnQJ
> 
> So how about if we work on the remaining Symantec-branded roots in this order?
> 
> Group 1 (this bug) - Symantec-branded roots that will only have the Email trust bit enabled.
> Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384)
> Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
> Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
> Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384)
> 
> Group 2 (Bug #1099311) - Symantec-branded roots that will have the Websites trust bit enabled.
> Symantec Class 3 Public Primary Certification Authority - G6 (SHA384WithRSA4096)
> Symantec Class 3 Public Primary Certification Authority - G4 (SHA384WithECCp384)
> 
> OK?
> 
> If yes, then I'll close Bug #1099315, and proceed with processing the first group.
I can't find the Class 1 and Class 2 G4 roots on Symantec's root cert download page
http://www.symantec.com/page.jsp?id=roots
Please point me to the correct page where I can find them.

What is the new URL for https://www.symantec.com/content/en/us/about/media/repository/ ?
I get a "Forbidden" error when I try to browse there now.

Also, please attach to this bug example/test certs that chain up to the roots for this batch (one example/test cert per root).
Group 1 (this bug) - Symantec-branded roots that will only have the Email trust bit enabled.
Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048)
Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384)
Summary: Add new Symantec roots (DSA, ECC, RSA with SHA2) → Add Symantec-brand Class 1 and Class 2 roots
(In reply to Kathleen Wilson from comment #40)
> What is the new URL for
> https://www.symantec.com/content/en/us/about/media/repository/ ?
> I get a "Forbidden" error when I try to browse there now.
> 

Found it: https://www.symantec.com/about/profile/policies/repository.jsp
Hi Kathleen,

Do you need anything from us on this item?

Also, note the G4s do not seem to appear on your automated report from SFDC of pending roots. Kindly confirm.

Best,

Suhasini
(In reply to suhasini_anand from comment #42)
> Hi Kathleen,
> 
> Do you need anything from us on this item?

Please see Comment #40. 

> 
> Also, note the G4s do not seem to appear on your automated report from SFDC
> of pending roots. Kindly confirm.

That's because I don't have the cert download url for them yet, so I have not yet entered them into Salesforce.


Please also let me know when the CPS has been updated (and published on your website) regarding email verification procedures.
Depends on: 1229445
(In reply to Kathleen Wilson from comment #40)
> Also, please attach to this bug example/test certs that chain up to the
> roots for this batch (one example/test cert per root).
> Group 1 (this bug) - Symantec-branded roots that will will only have the
> Email trust bit enabled.
> Symantec Class 1 Public Primary Certification Authority - G4
> (SHA384WithECCp384)
> Symantec Class 1 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)
> Symantec Class 2 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)
> Symantec Class 2 Public Primary Certification Authority - G4
> (SHA384WithECCp384)

Hi Kathleen,
We don't have tests sites as these roots (Class 1 and Class 2) are NOT enabled for SSL.
Attached file Class1G4ExampleCert.cert (obsolete) —
Attachment #8705358 - Attachment is obsolete: true
I attached the example certs that were previously provided for these roots. I suppose we can go ahead and use these, even though they appear to be signed directly by the root.
In order to proceed, I need the Root Certificate Download URL for each root...

> Symantec Class 1 Public Primary Certification Authority - G4
> (SHA384WithECCp384)

Cannot find this one.

> Symantec Class 1 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)

Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_1_G6.pem

> Symantec Class 2 Public Primary Certification Authority - G6
> (SHA256WithRSA2048)

Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_2_G6.pem


> Symantec Class 2 Public Primary Certification Authority - G4
> (SHA384WithECCp384)

Cannot find this one.


I have looked many times at http://www.symantec.com/page.jsp?id=roots and the only G4 root I see on that website is Class 3.

So for the Class 1 and Class 2 roots, do you want me to proceed with just the G6 roots?
The Symantec roots page has been updated and you should be able to download the 4 requested roots. Below are the specific links:

Symantec Class 1 Public Primary Certification Authority - G4 (SHA384WithECCp384) - https://www.symantec.com/content/en/us/enterprise/verisign/roots/Symantec_Class_1_Public_Primary_Certification_Authority_G4.pem

Symantec Class 1 Public Primary Certification Authority - G6 (SHA256WithRSA2048) - https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_1_G6.pem

Symantec Class 2 Public Primary Certification Authority - G6 (SHA256WithRSA2048) - https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_2_G6.pem

Symantec Class 2 Public Primary Certification Authority - G4 (SHA384WithECCp384) - https://www.symantec.com/content/en/us/enterprise/verisign/roots/Symantec_Class_2_Public_Primary_Certification_Authority_G4.pem
This request has been added to the queue for public discussion.
https://wiki.mozilla.org/CA:Schedule#Queue_for_Public_Discussion
I will update this bug when I start the discussion.

In the meantime, please review the full document attached in Comment #53 to make sure it is current and accurate, and comment in this bug to confirm it is correct or to provide corrections/updates.
Whiteboard: Information incomplete → Ready for Public Discussion
Yes, the document attached in Comment #53 is current and accurate.
Attached file 833986-CAInformation-Final.pdf (obsolete) —
Hi,

Since you updated the CP/CPS documents published on 2016/09/09, we reviewed them and put the update based on your new CP/CPS into Salesforce. Please find the full document attached in Comment #55, ready for public discussion.

Thanks,
Aaron
With updated audit link.
Attachment #8798360 - Attachment is obsolete: true
I am now opening the public discussion period for this request from Symantec to include the following 4 root certificates and enable the Email trust bit for them.
1) Symantec Class 1 Public Primary Certification Authority - G6
2) Symantec Class 2 Public Primary Certification Authority - G6
3) Symantec Class 1 Public Primary Certification Authority - G4
4) Symantec Class 2 Public Primary Certification Authority - G4 

For a description of the public discussion phase, see https://wiki.mozilla.org/CA:How_to_apply#Public_discussion

Public discussion will be in the mozilla.dev.security.policy forum.
https://www.mozilla.org/en-US/about/forums/#dev-security-policy

The discussion thread is called "Include Symantec-brand Class 1 and Class 2 Root Certs".

Please actively review, respond, and contribute to the discussion.

A representative of this CA must promptly respond directly in the discussion thread to all questions that are posted.
Whiteboard: Ready for Public Discussion → In Public Discussion
The public comment period for this request is now over.

This request has been evaluated as per Mozilla’s CA Certificate Inclusion Policy at

https://www.mozilla.org/about/governance/policies/security-group/certs/policy/inclusion/

Here follows a summary of the assessment. If anyone sees any factual errors, please point them out.

Inclusion Policy Section 4 [Technical]. 
I am not aware of instances where Symantec has knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug. 

Inclusion Policy Section 6 [Relevance and Policy].
Symantec appears to provide a service relevant to Mozilla users. It is a major commercial CA with worldwide operations and customer base.

Root Certificate Name: Symantec Class 1 Public Primary Certification Authority - G4
O From Issuer Field: Symantec Corporation
Trust Bits: Email
Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/Symantec_Class_1_Public_Primary_Certification_Authority_G4.pem

Root Certificate Name: Symantec Class 2 Public Primary Certification Authority - G4
O From Issuer Field: Symantec Corporation
Trust Bits: Email
Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/Symantec_Class_2_Public_Primary_Certification_Authority_G4.pem

Root Certificate Name: Symantec Class 1 Public Primary Certification Authority - G6
O From Issuer Field: Symantec Corporation
Trust Bits: Email
Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_1_G6.pem

Root Certificate Name: Symantec Class 2 Public Primary Certification Authority - G6
O From Issuer Field: Symantec Corporation
Trust Bits: Email
Root Certificate Download URL: https://www.symantec.com/content/en/us/enterprise/verisign/roots/PCA_2_G6.pem

CA Document Repository: https://www.symantec.com/about/profile/policies/repository.jsp
CP: https://www.symantec.com/content/en/us/about/media/repository/stn-cp.pdf
CPS: https://www.symantec.com/content/en/us/about/media/repository/stn-cps.pdf

Certificate Revocation
CRL URL(s):
http://crl.ws.symantec.com/pca1-g4.crl
http://crl.ws.symantec.com/pca2-g4.crl
http://crl.ws.symantec.com/pca1-g6.crl
http://crl.ws.symantec.com/pca2-g6.crl

Inclusion Policy Section 7 [Validation]. 
Symantec appears to meet the minimum requirements for subscriber verification, as follows:

* Email Verification Procedures are described in section 3.2 of the CP and CPS, and show that Symantec (or the RA or enterprise administrator) confirms that the certificate subscriber owns/controls the email address to be included in the certificate.

* SSL Verification Procedures: Not requesting the Websites trust bit for these root certs.

* Code Signing Subscriber Verification Procedures: Mozilla is no longer accepting requests to enable the Code Signing trust bit.

Inclusion Policy Sections 11-14 [Audit]
Annual audits are performed by KPMG according to the WebTrust criteria.
https://www.symantec.com/content/en/us/about/media/repository/Symantec-STN-WTCA-2015.pdf
https://www.symantec.com/content/en/us/about/media/repository/1_symantec_stn_wtca_6-15-2016.pdf

Inclusion Policy Section 18 [Certificate Hierarchy]
These root certs will be used to sign Class 1 and Class 2 subordinate CAs for SMIME and Client Auth purposes. SubCA keys will operate at Symantec or Symantec Affiliate sites. 

Based on this assessment I intend to approve this request from Symantec to include the following 4 root certificates and enable the Email trust bit for them.
Symantec Class 1 Public Primary Certification Authority - G4
Symantec Class 2 Public Primary Certification Authority - G4 
Symantec Class 1 Public Primary Certification Authority - G6
Symantec Class 2 Public Primary Certification Authority - G6
Whiteboard: In Public Discussion → Pending Approval
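Before a root listed in an assessment like the one above is imported anywhere, the practical check is that the downloaded PEM is exactly one self-signed CA certificate whose signature algorithm matches what the request claims (ECDSA P-384 with SHA-384 for the G4 roots, RSA-2048 with SHA-256 for the G6 roots), and that its SHA-256 fingerprint matches the value published out of band. The Go program below is an added example written for this page; it is not code from the bug, from Mozilla's NSS tooling, or from Symantec. It generates constructed throwaway certificates (organization "Example Corp", hypothetical names) so it runs offline; point `checkRootPEM` at a real downloaded `.pem` to use it for the real thing.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// checkRootPEM verifies the properties a reviewer confirms before importing a
// candidate root: exactly one CERTIFICATE block, basicConstraints cA=TRUE, a
// self-signed certificate whose signature verifies under its own key, and a
// signature algorithm equal to the one the inclusion request claims. It returns
// the hex SHA-256 fingerprint of the DER encoding, which is what you compare
// against the fingerprint published out of band.
func checkRootPEM(pemData []byte, wantAlg x509.SignatureAlgorithm) (string, error) {
	block, rest := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", errors.New("no CERTIFICATE block in input")
	}
	if extra, _ := pem.Decode(rest); extra != nil {
		return "", errors.New("more than one PEM block; a root file should hold exactly one certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	if !cert.BasicConstraintsValid || !cert.IsCA {
		return "", errors.New("not a CA certificate (basicConstraints cA=TRUE missing)")
	}
	if !bytes.Equal(cert.RawSubject, cert.RawIssuer) {
		return "", errors.New("issuer differs from subject; not a self-signed root")
	}
	if err := cert.CheckSignatureFrom(cert); err != nil {
		return "", fmt.Errorf("self-signature does not verify: %w", err)
	}
	if cert.SignatureAlgorithm != wantAlg {
		return "", fmt.Errorf("signature algorithm is %v, request claims %v", cert.SignatureAlgorithm, wantAlg)
	}
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:]), nil
}

// selfSignedPEM builds a constructed test certificate (not a real Symantec
// root). With isCA=false it yields a leaf-style certificate that must be rejected.
func selfSignedPEM(cn string, key crypto.Signer, alg x509.SignatureAlgorithm, isCA bool) []byte {
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Example Corp"}, CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              usage,
		SignatureAlgorithm:    alg,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// demoCerts returns three constructed PEM certificates: an ECDSA P-384 root
// signed with SHA-384 (the G4 profile), an RSA-2048 root signed with SHA-256
// (the G6 profile), and a non-CA certificate that must be rejected.
func demoCerts() (ecRoot, rsaRoot, leaf []byte) {
	ecKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		panic(err)
	}
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ecRoot = selfSignedPEM("Example Class 1 PCA - G4", ecKey, x509.ECDSAWithSHA384, true)
	rsaRoot = selfSignedPEM("Example Class 1 PCA - G6", rsaKey, x509.SHA256WithRSA, true)
	leaf = selfSignedPEM("Example leaf", rsaKey, x509.SHA256WithRSA, false)
	return ecRoot, rsaRoot, leaf
}

func main() {
	ecRoot, rsaRoot, leaf := demoCerts()
	fp, err := checkRootPEM(ecRoot, x509.ECDSAWithSHA384)
	fmt.Println("G4-style root fingerprint:", fp, "err:", err)
	_, err = checkRootPEM(rsaRoot, x509.ECDSAWithSHA384)
	fmt.Println("G6 root checked against the G4 claim:", err)
	_, err = checkRootPEM(leaf, x509.SHA256WithRSA)
	fmt.Println("non-CA certificate:", err)
}
```

Once the file passes, import it into an NSS database with only the Email trust bit, which is all that was approved here: `certutil -d sql:/path/to/nssdb -A -n "Symantec Class 1 Public Primary Certification Authority - G6" -t ",C," -i PCA_1_G6.pem`. The trust string is ordered SSL, email, object signing, so `,C,` marks the certificate as a trusted CA for S/MIME only; `certutil -d sql:/path/to/nssdb -L` lists the stored trust attributes so you can confirm the Websites (SSL) slot stayed empty.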
As per the summary in Comment #60, and on behalf of Mozilla I approve this request from Symantec to include the following root certificates:

** "Symantec Class 1 Public Primary Certification Authority - G4" (email)
** "Symantec Class 2 Public Primary Certification Authority - G4" (email)
** "Symantec Class 1 Public Primary Certification Authority - G6" (email)
** "Symantec Class 2 Public Primary Certification Authority - G6" (email)

I will file the NSS bug for the approved changes.
Whiteboard: Pending Approval → Approved, Pending NSS Changes
Depends on: 1320783
I have filed bug #1320783 against NSS for the actual changes.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: Approved, Pending NSS Changes → In NSS 3.28.1, Firefox 51
Product: mozilla.org → NSS
Product: NSS → CA Program