Closed Bug 1727941 Opened 4 years ago Closed 3 years ago

Add Certainly R1 and E1 Root Certificates

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wthayer, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - In NSS 3.80, FF 103)

Attachments

(7 files, 1 obsolete file)

Certainly - 2021 Root Key Generation - Report.pdf
166.83 KB, application/pdf
Details
Certainly)- 2021 WebTrust for CAs (Key Lifecycle Management Activities) - Report.pdf
186.73 KB, application/pdf
Details
Certainly - 2021 WebTrust for CAs - Report.pdf
188.74 KB, application/pdf
Details
Certainly - 2021 WebTrust for CAs (SSL Baseline) - Report.pdf
146.85 KB, application/pdf
Details
Certainly - 3-9-2022 CA Compliance Self Assessment.pdf
343.59 KB, application/pdf
Details
Certainly - Value to Mozilla.pdf
88.73 KB, application/pdf
Details
Root Program Review of 1st CA Compliance Self Assessment.xlsx
47.47 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details

Certainly would like to request the inclusion of our RSA (R1) and ECDSA (E1) root certificates.

These roots will only issue TLS server and client authentication certificates.

CCADB Case: https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000829

The CA certificates, CP/CPS, and other policy documents may be found at https://certainly.com/repository/

The following audit reports are attached to this bug: Root Key Generation Ceremony, Key Protection period, and WTCA and WTBR point-in-time.

Status: NEW → ASSIGNED
Type: enhancement → task
Whiteboard: [ca-initial]
Priority: -- → P3

Ben, ALV is failing because (1) the reports are point-in-time, and (2) they are not hosted on the Auditor's website. Are these acceptable errors, or do I need to do something to correct them?

Flags: needinfo?(bwilson)

I wouldn't worry because those are acceptable errors given the current state of your audits, inclusion application, and the processing capabilities of the ALV system.

Flags: needinfo?(bwilson)
Whiteboard: [ca-initial] → [ca-verifying]
Priority: P3 → P2
Whiteboard: [ca-verifying] → [ca-cps-review] BW 2022-01-28

Version 1.3 of the Certainly CP/CPS has been published to https://certainly.com/repository/

Attaching an updated self-assessment based on Mozilla's new template and CP/CPS version 1.3.

Attachment #9239293 - Attachment is obsolete: true
Whiteboard: [ca-cps-review] BW 2022-01-28 → [ca-ready-for-discussion 2022-03-21]

Attaching Certainly's value statement (https://wiki.mozilla.org/CA/Quantifying_Value).

This review was conducted on 4-Mar-2022 based on an earlier CA Compliance Self Assessment.

Public discussion started today 4-4-2022 with closing of public discussion anticipated for 25-Apr-2022 - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EhXhiHfWGC8/m/58CH8CMwBgAJ

Whiteboard: [ca-ready-for-discussion 2022-03-21] → [ca-in-discussion] 2022-04-04

Public discussion closed today with a recommendation that Certainly's request be approved - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EhXhiHfWGC8/m/3PcJHizqAAAJ

Whiteboard: [ca-in-discussion] 2022-04-04 → [ca-pending-approval] 2022-04-26

The 7-day last-call period has now passed without comment.

Flags: needinfo?(kwilson)

As per Comment #14, and on behalf of Mozilla I approve this request from Certainly LLC to include the following root certificates:

** Certainly Root R1 (Websites)
** Certainly Root E1 (Websites)

I will file the NSS bug for the approved changes.

Flags: needinfo?(kwilson)
Whiteboard: [ca-pending-approval] 2022-04-26 → [ca-approved] - pending NSS code changes

I have filed bug #1768970 against NSS for the actual changes.

Depends on: 1768970
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Whiteboard: [ca-approved] - pending NSS code changes → [ca-approved] - In NSS 3.80, FF 103
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: