Open Bug 1592138 Opened 4 months ago Updated 4 months ago

Add Macao Post eSignTrust root certificate

Categories

(NSS :: CA Certificate Root Program, task, enhancement)

task
Not set
enhancement

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: kwilson, Assigned: kwilson)

Details

(Whiteboard: [ca-verifying] - KW 2019-10-28 - Comment #2 )

A representative of Macao Post created a Root Inclusion Case here:

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000396

The Case was created on 2/28/2019, but I did not ever see a corresponding Bugzilla Bug about it, so creating one now.
(reference: https://wiki.mozilla.org/CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request)

The request is to include the following root certificate:
CN=eSignTrust Root Certification Authority (G03); O=Macao Post and Telecommunications Bureau; C=MO
SHA-256 Fingerprint: 0E30D04A94DCC423E26FDC4C24AFCF4923BD80D83B661B06A2F5856361560407
Serial Number: 3CFB7DF47EA4B4C672A03FC3D25C7CC6
Valid From: 1/1/2017
Valid To: 12/31/2041

The "Macao Post eSignTrust Root Certification Authority (G02)" root certificate is currently in Microsoft's program, with the Client Authentication trust bit enabled.

Audit Statement for period 2/1/2017 - 2/28/2018:
https://www.cpacanada.ca/generichandlers/aptifyattachmenthandler.ashx?attachmentid=221255

Audit Statement for period 3/1/2018 - 2/28/2019:
https://www.cpacanada.ca/generichandlers/aptifyattachmenthandler.ashx?attachmentid=229895

The link below shows the information that has been verified for this root inclusion request. Search in the page for the word "NEED" to see where further clarification is requested. Please add a comment to this bug when you have provided all of the requested information.

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000396

In particular, please provide the following:

  1. Version table or changelog in the CPS.
    https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS_Revision_Table

  2. Check usage of "No stipulation" throughout CPS.
    https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS_Structured_According_to_RFC_3647
    The words "No Stipulation" mean that the particular document imposes no requirements related to that section.

  3. CPS section that describes how the CA must verify the email address to be included in the certificate.
    https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Verifying_Email_Address_Control

  4. A public URL through which the CA certificate can be directly downloaded.

  5. Add records for the existing intermediate certs to the CCADB as described here: https://ccadb.org/cas/intermediates#adding-intermediate-certificate-data

Summary: Add Macao Post root certificate → Add Macao Post eSignTrust root certificate
Whiteboard: [ca-verifying] → [ca-verifying] - KW 2019-10-28 - Comment #2
Status: NEW → ASSIGNED
You need to log in before you can comment on or make changes to this bug.