Open Bug 1551703 Opened 1 year ago Updated 1 year ago

Enable EV for the "IdenTrust Commercial Root CA 1"

Categories

(NSS :: CA Certificate Root Program, task)

task
Not set

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: roots, Assigned: wthayer)

Details

(Whiteboard: [ca-cps-review] - KW 2019-06-04)

Attachments

(2 files)

12.60 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details
60.36 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36

Steps to reproduce:

This request is to enable EV for the "IdenTrust Commercial Root CA 1"
root certificate.
The information for this request has been entered into the CCADB here:
https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417

Type: defect → enhancement
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Type: enhancement → task
Summary: Add IdenTrust root certificates → Enable EV for the "IdenTrust Commercial Root CA 1"

Bug #1339292 requested EV treatment for this "IdenTrust Commercial Root CA 1" root certificate, but the request was denied due to Bug #1500593 during the public discussion:

https://groups.google.com/d/msg/mozilla.dev.security.policy/fTeHAGGTBqg/ikgMfJeiAgAJ

Then I closed the bug/request with:
"This CA may re-apply for EV treatment for this root or for a new root by creating a new request"

Please explain the reason for re-applying for EV treatment for the same root.

(In reply to Kathleen Wilson from comment #1)

Bug #1339292 requested EV treatment for this "IdenTrust Commercial Root CA 1" root certificate, but the request was denied due to Bug #1500593 during the public discussion:

https://groups.google.com/d/msg/mozilla.dev.security.policy/fTeHAGGTBqg/ikgMfJeiAgAJ

Then I closed the bug/request with:
"This CA may re-apply for EV treatment for this root or for a new root by creating a new request"

Please explain the reason for re-applying for EV treatment for the same root.
IdenTrust is applying for extending our CA root “IdenTrust Commercial Root CA 1” to include EV SSL recognition with Mozilla browsers. We had previously submitted such request for the same root on March 2017, which was rejected on November 2018 with the conclusion: “This CA may re-apply for EV treatment for this root or for a new root by creating a new request”. The rejection of the previous application was due to failure by IdenTrust to disclose and remediate mis-issuance of 3 SSL certificates in February 2018 in a timely manner (https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/fTeHAGGTBqg/ikgMfJeiAgAJ and Bug #1500593).

We are reapplying because we have successfully remediated the behavior that prompted denial of the previous application. Since February 2018, we have disclosed and remediated issues that demonstrates our commitment to disclosure and remediation in line with expectations of the CA/B Forum and Mozilla community. In addition, we have established improved controls including the performance of periodic internal audits to ensure CA/B Forum and Mozilla Root policy compliance. Examples of these are: (i) Bug #1526099; and Bug#1542082. It should be noted that all reported items will also be included in our annual audit findings scheduled to be published in September 2019.

The information for this root inclusion request is available at the following URL.

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417

This request is ready for the Detailed CP/CPS Review phase, step 3 of
https://wiki.mozilla.org/CA/Application_Process#Process_Overview
so assigning this bug to Wayne.

There is a queue waiting for detailed CP/CPS reviews:
https://wiki.mozilla.org/CA/Dashboard#Detailed_CP.2FCPS_Review

Assignee: kwilson → wthayer
Whiteboard: [ca-cps-review] - KW 2019-06-04
You need to log in before you can comment on or make changes to this bug.