Closed Bug 1817340 Opened 3 years ago Closed 2 years ago

Add Sectigo R46/E46 Roots

Categories

(CA Program :: CA Certificate Root Program, task, P1)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bwilson, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - In NSS 3.92, Firefox 117; EV enabled in FF 118)

This bug corresponds to CCADB Root Inclusion Case #1215 and the following Sectigo roots:

Sectigo Public Email Protection Root E46
Sectigo Public Email Protection Root R46
Sectigo Public Server Authentication Root E46
Sectigo Public Server Authentication Root R46

Priority: -- → P1
See Also: → 1793836

Here is additional information about the CA certificates:

Sectigo Public Email Protection Root E46
https://crt.sh/?sha256=22D9599234D60F1D4BC7C7E96F43FA555B07301FD475175089DAFB8C25E477B3
Sectigo Public Email Protection Root R46
https://crt.sh/?sha256=D5917A7791EB7CF20A2E57EB98284A67B28A57E89182DA53D546678C9FDE2B4F
Sectigo Public Server Authentication Root E46
https://crt.sh/?sha256=C90F26F0FB1B4018B22227519B5CA2B53E2CA5B3BE5CF18EFE1BEF47380C5383
Sectigo Public Server Authentication Root R46
https://crt.sh/?sha256=7BB647A62AEEAC88BF257AA522D01FFEA395E0AB45C73F93F65654EC38F25A06

Whiteboard: [ca-initial] → [ca-verifying]
Whiteboard: [ca-verifying] → [ca-ready-for-discussion 2023-03-24]

Public discussion began on April 24, 2023 (https://groups.google.com/a/ccadb.org/g/public/c/1sKKdixUyFs/m/crM2RJTsAgAJ) . It is expected to close on June 5, 2023.

Whiteboard: [ca-ready-for-discussion 2023-03-24] → [ca-in-discussion] 2023-04-24

Public discussion concluded on the CCADB Public list on Friday, June 9. https://groups.google.com/a/ccadb.org/g/public/c/1sKKdixUyFs/m/Nb3uWA0aBAAJ
Today, I am recommending that we approve Sectigo's request for the following four roots:
Sectigo Public Email Protection Root E46
Sectigo Public Email Protection Root R46
Sectigo Public Server Authentication Root E46
Sectigo Public Server Authentication Root R46
See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/COelxaZ83-E/m/oCBOWNFwAgAJ

Flags: needinfo?(kwilson)
Whiteboard: [ca-in-discussion] 2023-04-24 → [ca-pending-approval] 2023-06-13

As per Comment #13, and on behalf of Mozilla I approve this request from Sectigo to include the following root certificates:

** Sectigo Public Email Protection Root E46 (Email)
** Sectigo Public Email Protection Root R46 (Email)
** Sectigo Public Server Authentication Root E46 (Websites); EV
** Sectigo Public Server Authentication Root R46 (Websites); EV

I will file the NSS and PSM bugs for the approved changes.

Flags: needinfo?(kwilson)
Whiteboard: [ca-pending-approval] 2023-06-13 → [ca-approved] - pending NSS and PSM code changes
Depends on: 1840429
Depends on: 1840432

I have filed bug #1840429 against NSS and bug #1840432 against PSM for the actual changes.

Whiteboard: [ca-approved] - pending NSS and PSM code changes → [ca-approved] - In NSS 3.94, Firefox 117, pending PSM code changes for EV
Whiteboard: [ca-approved] - In NSS 3.94, Firefox 117, pending PSM code changes for EV → [ca-approved] - In NSS 3.92, Firefox 117, pending PSM code changes for EV
Whiteboard: [ca-approved] - In NSS 3.92, Firefox 117, pending PSM code changes for EV → [ca-approved] - In NSS 3.92, Firefox 117; EV enabled in FF 118
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.