Closed Bug 1695486 Opened 3 years ago Closed 3 years ago

Add HARICA 2021 SMIME Root CA Certificates to Mozilla Root store program

Categories

(CA Program :: CA Certificate Root Program, task, P1)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jimmy, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - In NSS 3.71, FF 94)

Attachments

(4 files)

HARICA's BR Self Assessment@Feb-2021.xlsx
35.69 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details
test-smime-ecc.p7b
3.33 KB, application/x-pkcs7-certificates
Details
test-smime-rsa.p7b
6.36 KB, application/x-pkcs7-certificates
Details
RKGC 2021 Attestation Letter
271.03 KB, application/pdf
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0

HARICA would like to request the addition of two Root CA Certificates to NSS and the Mozilla root store, and enable the Email trust bit. These roots are not intended to be used for TLS Server authentication.

All HARICA SMIME certificates will eventually be migrated to be issued from subCAs chaining to these roots.

We will start working on a new CCADB case to add information about these two root certificates. We expect these new roots to be included in the audit attestation of our current audit cycle ending 2021-03-29.

Flags: needinfo?(jimmy)
Assignee: kwilson → bwilson
Status: UNCONFIRMED → ASSIGNED
Type: enhancement → task
Ever confirmed: true
Whiteboard: [ca-initial]
Priority: -- → P1
Attached file test-smime-ecc.p7b
Attached file test-smime-rsa.p7b
Whiteboard: [ca-initial] → [ca-verifying]

The AAL is also available through from our auditor's web site https://www.qmscert.com/share/040321-01-KG-AAL.pdf

Flags: needinfo?(bwilson)
Flags: needinfo?(bwilson)
Whiteboard: [ca-verifying] → [ca-cps-review] BW 2021-05-17

See CPS review here - https://bugzilla.mozilla.org/show_bug.cgi?id=1695487#c6

Public discussion on this request was announced here - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/UAmBtcVvBKw/m/o5cYt-dFAAAJ. The public discussion period is scheduled to close on 11-June-2021.

Whiteboard: [ca-cps-review] BW 2021-05-17 → [ca-in-discussion] 2021-05-19
Flags: needinfo?(jimmy)

The 3-week public discussion period has now passed and there were no objections to this inclusion request. See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/UAmBtcVvBKw/m/5nZlAMk7BAAJ in which I indicated that it is Mozilla’s intent to approve HARICA’s requests for EV enablement/inclusion and started the 7-day “last call” period (through June 22, 2021) for any final objections.

Whiteboard: [ca-in-discussion] 2021-05-19 → [ca-pending-approval] 2021-06-15

As per Comment #8, and on behalf of Mozilla I approve this request from HARICA to include the following root certificates:

** HARICA Client RSA Root CA 2021 (Email)
** HARICA Client ECC Root CA 2021 (Email)

I will file the NSS bug for the approved changes.

Whiteboard: [ca-pending-approval] 2021-06-15 → [ca-approved] - pending NSS code changes
Depends on: 1717707

I have filed bug #1717707 against NSS for the actual changes.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Whiteboard: [ca-approved] - pending NSS code changes → [ca-approved] - In NSS 3.71, FF 94
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: