Add Entrust G4 Root
Categories: CA Program :: CA Certificate Root Program, task
Tracking: Not tracked
People: Reporter: bruce.morton, Assigned: kathleen.a.wilson
Details: Whiteboard: [ca-approved] - In NSS 3.48, FF 72; EV enabled in FF 76
Attachments: 6 files
Comment 15 • 6 years ago (Reporter)
(In reply to Wayne Thayer [:wayne] from comment #14)
> Bruce: any update on this?
The CPS has been updated to address the EV $2000 USD issue, see https://www.entrustdatacard.com/-/media/documentation/licensingandagreements/ssl-cps-english-20190531-version-3_4.pdf.
Pre-issuance linting has been deployed and the separate incident report due to the late revocation has been issued and closed.
I failed to update CPS section 1.3.2 to state that a third-party cannot validate a domain name (or an IP address). This change will be in the next release which should be posted by the end of July 2019. I will post an update when the CPS is published.
Comment 16 • 6 years ago (Reporter)
The CPS has been updated and addresses the third-party domain validation issue, see https://www.entrustdatacard.com/-/media/documentation/licensingandagreements/ssl-cps-english-20190725-version-35.pdf. CPS section 1.3.2 states, "Third Party RAs may not be delegated to validate FQDNs nor IP Addresses per §3.2.2.4 or §3.2.2.5."
Comment 17 • 6 years ago
Discussion period has begun: https://groups.google.com/d/msg/mozilla.dev.security.policy/-4B6g8T-kis/q-xuaS0TDAAJ
Comment 18 • 6 years ago (Reporter)
This is a specified procedures audit report to address the qualified items in the annual BR/Network Security audit report.
Comment 19 • 6 years ago (Reporter)
(In reply to Wayne Thayer [:wayne] from comment #17)
> Discussion period has begun: https://groups.google.com/d/msg/mozilla.dev.security.policy/-4B6g8T-kis/q-xuaS0TDAAJ
Per the discussion, sections 4.2 and 9.12.3 have been updated in the CPS, see https://www.entrustdatacard.com/-/media/documentation/licensingandagreements/ssl-cps-english-20190930-version-36.pdf.
Comment 20 • 6 years ago
Sent update to the list requesting any additional comments by 10/15.
Comment 21 • 6 years ago
The discussion period for this request has ended. I believe that all questions have been answered, so I am recommending approval of this request.
Link to the discussion: https://groups.google.com/d/msg/mozilla.dev.security.policy/-4B6g8T-kis/q-xuaS0TDAAJ
Comment 22 • 6 years ago (Assignee)
The information for this root inclusion request is available at the following URL.
https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000332
Comment 23 • 6 years ago (Assignee)
As per Comment #21, and on behalf of Mozilla I approve this request from Entrust to include the following root certificate:
** 'Entrust Root Certification Authority - G4' (Email, Websites), enable EV
I will file the NSS and PSM bugs for the approved changes.
Comment 24 • 6 years ago (Assignee)
I have filed bug #1591178 against NSS and bug #1591180 against PSM for the actual changes.