Closed Bug 1782092 Opened 2 years ago Closed 9 months ago

Add Atos Roots

Categories

(CA Program :: CA Certificate Root Program, task, P1)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bwilson, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - In NSS 3.92, Firefox 117)

Attachments

(12 files)

Atos_ CA Compliance Self Assessment.xlsx
56.38 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details
Atos_TrustedRoot_CPS_IssuingCAs_v2.7.2.pdf
966.20 KB, application/pdf
Details
Atos_TrustedRoot_CPS_RootCA_v2.7.2.pdf
894.35 KB, application/pdf
Details
ECC_sample_smime.pem
1.32 KB, application/octet-stream
Details
RSA_sample_smime.pem
2.46 KB, application/octet-stream
Details
Auditor-witnessed Key Generation - SECP384 CA_2020_3 (ECC TLS 2021).pdf
865.36 KB, application/pdf
Details
Auditor-witnessed Key Generation - SECP384 CA_2020_2 (ECC G2 2020).pdf
766.26 KB, application/pdf
Details
Auditor-witnessed Key Generation – ATC_TR_ROOT_4096_RSA_CA_2020_3 (RSA TLS2021 ).pdf
776.04 KB, application/pdf
Details
Auditor-witnessed Key Generation - ATC_TR_ROOT_4096_RSA_CA_2020_2 (RSA G2 2020).pdf
754.99 KB, application/pdf
Details
20201207_Report_KeyGen.pdf
248.77 KB, application/pdf
Details
20201207_Report_KeyGen_en.pdf
157.42 KB, application/pdf
Details
Atos-CA-Compliance-Self-Assessment-Reviewed-by-Mozilla.xlsx
49.82 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Details

Atos has several new roots that it is requesting be added. See https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000999

Status: NEW → ASSIGNED
Whiteboard: [ca-initial]
Priority: -- → P4

Atos needs to complete all of the "NEED" fields in the CCADB and also a Compliance Self-Assessment (https://wiki.mozilla.org/CA/Compliance_Self-Assessment) and upload it to this Bugzilla bug.

Whiteboard: [ca-initial] → [ca-verifying]
Priority: P4 → P3
Attached file ECC_sample_smime.pem

Sample SMIME certificate using ECC

Attached file RSA_sample_smime.pem

Sample SMIME certificate using RSA4096

Whiteboard: [ca-verifying] → [ca-cps-review] BW 2022-11-03
Product: NSS → CA Program

Key generation witnessed by Klaus-Werner Schröder from datenschutzCert GmbH

Key generation witnessed by Klaus-Werner Schröder from datenschutzCert GmbH

Key generation witnessed by Klaus-Werner Schröder from datenschutzCert GmbH

Key generation witnessed by Klaus-Werner Schröder from datenschutzCert GmbH

Attachment #9306492 - Attachment description: Auditor-witnessed Key Generation SECP384 CA_2020_2 (ECC G2 2020).pdf → Auditor-witnessed Key Generation - SECP384 CA_2020_2 (ECC G2 2020).pdf
Whiteboard: [ca-cps-review] BW 2022-11-03 → [ca-ready-for-discussion 2022-12-08]
Priority: P3 → P1

English language version of KEY GEN Audit Report

CA application is in public discussion until March 20, 2023 - https://groups.google.com/a/ccadb.org/g/public/c/v5yFBHjuBRo/m/YT_SjO2_BQAJ

Whiteboard: [ca-ready-for-discussion 2022-12-08] → [ca-in-discussion] 2023-02-06

Hello Ben,
many thanks for the file.
We will start processing as soon as possible and then give you a hint after completion
br, Matthias

Whiteboard: [ca-in-discussion] 2023-02-06 → [ca-cps-review] BW 2023-04-01

Hello Ben,
based on your remarks we have updated our CP/CPS to Version 2.7.3.
you could find new on https://pki.atos.net/trustcenter/de/download/trusted-root-ca
br, Matthias

I am recommending that we approve the inclusion of the following four (4) ATOS Trustcenter root CA certificates:

Atos TrustedRoot Root CA RSA G2 2020 - https://crt.sh/?sha256=78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E
Atos TrustedRoot Root CA RSA TLS 2021 - https://crt.sh/?sha256=81A9088EA59FB364C548A6F85559099B6F0405EFBF18E5324EC9F457BA00112F
Atos TrustedRoot Root CA ECC G2 2020 - https://crt.sh/?sha256=E38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB
Atos TrustedRoot Root CA ECC TLS 2021 - https://crt.sh/?sha256=B2FAE53E14CCD7AB9212064701AE279C1D8988FACB775FA8A008914E663988A8

See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/39IywQ_olik/m/9RJSd0u-AAAJ

Flags: needinfo?(kwilson)
Whiteboard: [ca-cps-review] BW 2023-04-01 → [ca-pending-approval] 2023-05-05

As per Comment #17, and on behalf of Mozilla I approve this request from Atos Trustcenter to include the following root certificates:

** Atos TrustedRoot Root CA RSA G2 2020 (Email)
** Atos TrustedRoot Root CA ECC G2 2020 (Email)
** Atos TrustedRoot Root CA RSA TLS 2021 (Websites)
** Atos TrustedRoot Root CA ECC TLS 2021 (Websites)

I will file the NSS bug for the approved changes.

Flags: needinfo?(kwilson)
Whiteboard: [ca-pending-approval] 2023-05-05 → [ca-approved] - pending NSS code changes
Depends on: 1833270

I have filed bug #1833270 against NSS for the actual changes.

Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Whiteboard: [ca-approved] - pending NSS code changes → [ca-approved] - In NSS 3.94, Firefox 117
Whiteboard: [ca-approved] - In NSS 3.94, Firefox 117 → [ca-approved] - In NSS 3.92, Firefox 117
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: