Closed Bug 1929329 Opened 1 year ago Closed 6 months ago

Add TrustAsia Dedicated Roots

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: Ca.mail, Assigned: bwilson)

References

Details

(Whiteboard: [ca-approved] - in NSS 3.114, with EV in FF 142)

Steps to reproduce:

TrustAsia requests the inclusion of the following dedicated root certificates in the Mozilla Root Certificate Program:

TrustAsia TLS RSA Root CA
TrustAsia TLS ECC Root CA
TrustAsia SMIME RSA Root CA
TrustAsia SMIME ECC Root CA

Root inclusion case #2095 has been created in the CCADB:
https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00002095

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Type: defect → task
Ever confirmed: true
Whiteboard: [ca-initial]
Priority: -- → P2

TrustAsia would like a status update.

Flags: needinfo?(bwilson)
Flags: needinfo?(bwilson)
Whiteboard: [ca-initial] → [ca-verifying]
Whiteboard: [ca-verifying] → [ca-cps-review]
Whiteboard: [ca-cps-review] → [ca-cps-review] [ca-ready-for-discussion]
Whiteboard: [ca-cps-review] [ca-ready-for-discussion] → [ca-cps-review] [ca-in-discussion]

A six-week period of public discussion began on April 21, 2025, and will conclude on June 2, 2025.
https://groups.google.com/a/ccadb.org/g/public/c/clTruHb98og/m/19___KFLCAAJ

Public discussion period ended on June 2, 2025, and there were no objections or comments in opposition to TrustAsia's inclusion request. https://groups.google.com/a/ccadb.org/g/public/c/clTruHb98og/m/-k3FF33JAQAJ. Today, I sent notice to the Mozilla Dev-Security-Policy list that I am recommending approval of the request. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/n_lUJgUQY18/m/Z9W4S161AQAJ. This starts a 7-day "last call", which will run through June 11, 2025.

Whiteboard: [ca-cps-review] [ca-in-discussion] → [ca-pending-approval]
Whiteboard: [ca-pending-approval] → [ca-approved] - pending NSS and PSM code changes

As per Comment #3, and on behalf of Mozilla, I approve this request from TrustAsia to include the following root certificates with the following trust settings:

  • TrustAsia TLS RSA Root CA (Websites, EV)
  • TrustAsia TLS ECC Root CA (Websites, EV)
  • TrustAsia SMIME RSA Root CA (Email)
  • TrustAsia SMIME ECC Root CA (Email)

I will file the NSS and PSM bugs for the approved changes.

Depends on: 1972391

The NSS and PSM bugs are Bug #1972391 and Bug # 1972393, respectively.

Roots are in NSS 3.114 and TLS roots are EV-enabled in Firefox 142.
I need to do some additional testing on the two EV test websites:
https://ev-ecctls-valid.trustasia.com/
https://ev-rsatls-valid.trustasia.com/

Flags: needinfo?(bwilson)
Whiteboard: [ca-approved] - pending NSS and PSM code changes → [ca-approved] - in NSS 3.114, with EV in FF 142
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Flags: needinfo?(bwilson)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.