Closed Bug 1727941 Opened 3 years ago Closed 2 years ago

Add Certainly R1 and E1 Root Certificates

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: wthayer, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - In NSS 3.80, FF 103)

Attachments

(7 files, 1 obsolete file)

Certainly would like to request the inclusion of our RSA (R1) and ECDSA (E1) root certificates.

These roots will only issue TLS server and client authentication certificates.

CCADB Case: https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000829

The CA certificates, CP/CPS, and other policy documents may be found at https://certainly.com/repository/

The following audit reports are attached to this bug: Root Key Generation Ceremony, Key Protection period, and WTCA and WTBR point-in-time.

Status: NEW → ASSIGNED
Type: enhancement → task
Whiteboard: [ca-initial]
Priority: -- → P3

Ben, ALV is failing because (1) the reports are point-in-time, and (2) they are not hosted on the Auditor's website. Are these acceptable errors, or do I need to do something to correct them?

Flags: needinfo?(bwilson)

I wouldn't worry because those are acceptable errors given the current state of your audits, inclusion application, and the processing capabilities of the ALV system.

Flags: needinfo?(bwilson)
Whiteboard: [ca-initial] → [ca-verifying]
Priority: P3 → P2
Whiteboard: [ca-verifying] → [ca-cps-review] BW 2022-01-28

Version 1.3 of the Certainly CP/CPS has been published to https://certainly.com/repository/

Attaching an updated self-assessment based on Mozilla's new template and CP/CPS version 1.3.

Attachment #9239293 - Attachment is obsolete: true
Whiteboard: [ca-cps-review] BW 2022-01-28 → [ca-ready-for-discussion 2022-03-21]

Attaching Certainly's value statement (https://wiki.mozilla.org/CA/Quantifying_Value).

This review was conducted on 4-Mar-2022 based on an earlier CA Compliance Self Assessment.

Public discussion started today 4-4-2022 with closing of public discussion anticipated for 25-Apr-2022 - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EhXhiHfWGC8/m/58CH8CMwBgAJ

Whiteboard: [ca-ready-for-discussion 2022-03-21] → [ca-in-discussion] 2022-04-04

Public discussion closed today with a recommendation that Certainly's request be approved - https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/EhXhiHfWGC8/m/3PcJHizqAAAJ

Whiteboard: [ca-in-discussion] 2022-04-04 → [ca-pending-approval] 2022-04-26

The 7-day last-call period has now passed without comment.

Flags: needinfo?(kwilson)

As per Comment #14, and on behalf of Mozilla I approve this request from Certainly LLC to include the following root certificates:

** Certainly Root R1 (Websites)
** Certainly Root E1 (Websites)

I will file the NSS bug for the approved changes.

Flags: needinfo?(kwilson)
Whiteboard: [ca-pending-approval] 2022-04-26 → [ca-approved] - pending NSS code changes

I have filed bug #1768970 against NSS for the actual changes.

Depends on: 1768970
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Whiteboard: [ca-approved] - pending NSS code changes → [ca-approved] - In NSS 3.80, FF 103
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: