Add GlobalSign SMIME Roots to Mozilla root store
Categories
(CA Program :: CA Certificate Root Program, task)
Tracking
(Not tracked)
People
(Reporter: julie.olson, Assigned: bwilson)
References
Details
(Whiteboard: [ca-approved] - In NSS 3.63, FF 88)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Steps to reproduce:
GlobalSign is requesting the addition of two SMIME roots to be embedded in the Mozilla root store. These roots are for SMIME issuance only, with the intent of chaining our SMIME product line to these roots rather than using our standard TLS roots.
|
||
Updated•5 years ago
|
|
Reporter | |
Comment 1•5 years ago
|
||
I have begun filling in a CCADB case to track these two root certificates. We are still awaiting copies of our audit statements for the most recent audit cycle ending 3/31/2020.
|
Assignee | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 2•4 years ago
|
||
Hi Mozilla review team,
Please note I have added the WebTrust Audit details to the above CCADB case.
Please let me know what other details should be added to move this request along in queue.
Thanks!
|
|
Assignee | |
Comment 3•4 years ago
|
||
Performed initial case review. Asking about official corporate name. Also, next step is to review email verification practices.
|
|
Assignee | |
Comment 4•4 years ago
|
||
Globalsign needs to complete the PKI Hierarchy section for each Root Case.
|
|
Assignee | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 5•4 years ago
|
||
Hi Ben,
The hierarchies for these two sites are available on CCADB, please let me know if something else is needed for your review.
Thanks!
|
|
Assignee | |
Comment 6•4 years ago
|
||
This inclusion request has now been moved to the CP/CPS verification stage.
|
|
Assignee | |
Comment 7•4 years ago
|
||
See CPS review here - https://bugzilla.mozilla.org/show_bug.cgi?id=1570724#c12
|
|
Assignee | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 8•4 years ago
|
||
Hi Ben,
We have published a new version of our CP/CPS that should address most of your meh/bad comments above. The updated documents can be found in our repository: https://www.globalsign.com/en/repository
Let me know if you have any questions or need anything else. Thanks!
|
|
Assignee | |
Comment 9•4 years ago
|
||
See follow-up CPS review here - https://bugzilla.mozilla.org/show_bug.cgi?id=1570724#c15
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 10•4 years ago
|
||
Discussion period announced on the m.d.s.p. list - https://groups.google.com/g/mozilla.dev.security.policy/c/Lq0WgPiQJPk
Scheduled to close on 2-2-2021.
|
|
||
Comment 11•4 years ago
|
||
Ben closed the discussion yesterday and stated Mozilla's intent to approve this request.
https://groups.google.com/g/mozilla.dev.security.policy/c/Lq0WgPiQJPk/m/lpZ2X_5aBAAJ
According to Step 10 in https://wiki.mozilla.org/CA/Application_Process#Process_Overview, "After one week, if no further questions or concerns are raised, then a representative of Mozilla may approve the request, by stating so in the bug."
|
|
||
Comment 12•4 years ago
|
||
As per Comment #11, and on behalf of Mozilla I approve this request from GlobalSign nv-sa to include the following root certificates:
- 'GlobalSign Secure Mail Root R45' (Email)
- 'GlobalSign Secure Mail Root E45' (Email)
I will file the NSS bug for the approved changes.
|
|
||
Comment 13•4 years ago
|
||
I have filed bug #1693173 against NSS for the actual changes.
|
|
||
Updated•4 years ago
|
|
||
Updated•2 years ago
|
Description
•