Add HARICA 2021 SMIME Root CA Certificates to Mozilla Root store program
Categories
(CA Program :: CA Certificate Root Program, task, P1)
Tracking
(Not tracked)
People
(Reporter: jimmy, Assigned: bwilson)
References
Details
(Whiteboard: [ca-approved] - In NSS 3.71, FF 94)
Attachments
(4 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Reporter | ||
Comment 1•3 years ago
|
||
HARICA would like to request the addition of two Root CA Certificates to NSS and the Mozilla root store, and enable the Email trust bit. These roots are not intended to be used for TLS Server authentication.
All HARICA SMIME certificates will eventually be migrated to be issued from subCAs chaining to these roots.
We will start working on a new CCADB case to add information about these two root certificates. We expect these new roots to be included in the audit attestation of our current audit cycle ending 2021-03-29.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Reporter | ||
Comment 2•3 years ago
|
||
Reporter | ||
Comment 3•3 years ago
|
||
Reporter | ||
Comment 4•3 years ago
|
||
Assignee | ||
Updated•3 years ago
|
Reporter | ||
Comment 5•3 years ago
|
||
The AAL is also available through from our auditor's web site https://www.qmscert.com/share/040321-01-KG-AAL.pdf
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 6•3 years ago
|
||
See CPS review here - https://bugzilla.mozilla.org/show_bug.cgi?id=1695487#c6
Assignee | ||
Comment 7•3 years ago
|
||
Public discussion on this request was announced here - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/UAmBtcVvBKw/m/o5cYt-dFAAAJ. The public discussion period is scheduled to close on 11-June-2021.
Reporter | ||
Updated•3 years ago
|
Assignee | ||
Comment 8•3 years ago
|
||
The 3-week public discussion period has now passed and there were no objections to this inclusion request. See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/UAmBtcVvBKw/m/5nZlAMk7BAAJ in which I indicated that it is Mozilla’s intent to approve HARICA’s requests for EV enablement/inclusion and started the 7-day “last call” period (through June 22, 2021) for any final objections.
Comment 9•3 years ago
|
||
As per Comment #8, and on behalf of Mozilla I approve this request from HARICA to include the following root certificates:
** HARICA Client RSA Root CA 2021 (Email)
** HARICA Client ECC Root CA 2021 (Email)
I will file the NSS bug for the approved changes.
Comment 10•3 years ago
|
||
I have filed bug #1717707 against NSS for the actual changes.
Updated•3 years ago
|
Updated•1 year ago
|
Description
•