Add Japanese Local Government Application CA G2 Root

RESOLVED INCOMPLETE

Status

--
enhancement
RESOLVED INCOMPLETE
10 years ago
2 years ago

People

(Reporter: kwilson, Assigned: kwilson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: information incomplete)

Attachments

(4 attachments)

(Assignee)

Description

10 years ago
CA Name: Local Government Public Key Infrastructure Application Certification Authority
Website URL: http://www.lgpki.jp/
CA Summary: Certificates issued by the Application CA G2 are mainly issued for the purpose of use in services provided by local governments to residents and companies etc., and also by ASP service providers and public institutions to local governments.

Audit Type (WebTrust, ETSI etc.): WebTrust for CA
Auditor: Deloitte Touche Tohmatsu
Auditor Website URL: http://www.deloitte.com/jp
Audit Document URL(s): https://cert.webtrust.org/SealFile?seal=840&file=pdf
Certificate Name: Application CA G2 -- LGPKI
Root certificate download URL (on CA website):
 https://www.lgpki.jp/CAInfo/AppCAG2.cer
Certificate SHA1 Fingerprint (in hexadecimal): 96 83 38 F1 13 E3 6A 7B AB DD 08 F7 77 63 91 A6 87 36 58 2E
Key size (for RSA, modulus length) in bits: 2048bits
Valid From (YYYY-MM-DD): 2006-04-01
Valid To (YYYY-MM-DD): 2016-03-31
CRL HTTP URL (if any): http://www.lgpki.jp/Information/CRL/AppCACrl.crl
CRL issuing frequency for subordinate EE certificates: 1days
OCSP responder URL (if any):
Class:
CP/CPS URL: http://www.lgpki.jp/unei/C-6-3-5_CPCPS_ApCA_20070320.pdf
Requested Trust Indicators: SSL and code signing
URL of a sample website using a certificate chained to this root: 
 https://www.lgpki.jp/CAInfo/fingerprint.htm
(Assignee)

Comment 1

10 years ago
The LGPKI Application CA G2 root cert is downloadable from
https://www.lgpki.jp/CAInfo/AppCAG2.cer
However, the cert for this website chains up to this root, so I’m attaching the root here.
(Assignee)

Comment 2

10 years ago
Attached is the Initial Information Gathering document which summarizes the information that has been gathered and verified. Within the document the items highlighted in yellow indicate where more information or clarification is needed.  I will also summarize below.

1) Please provide a diagram and/or specific description of the intermediate CAs and end-entity certificates that the LGPKI Application CA G2 root issues.
Are there multiple Organization and Application sub-CAs?
Are the sub-CAs able to sign their own sub-CAs?
Who operates the sub-CAs?
Does this root have any subordinate CAs that are operated by external third parties?
For the subordinate CAs that are operated by third parties, please provide a general description and explain how the CP/CPS and audits ensure the third parties are in compliance.
Has this root been involved in cross-signing with any other root?

2) I received the following two documents via email. May I attach them to this bug? 
Are the corresponding documents available in Japanese from your website? If yes, please provide the URLs.
a) 20090205_JapanLGPKI_RegistrationAuthorityBranche_excerpt.doc
Is this translation of part of the LGPKI Registration Authority Branch Operation Handbook?
b) 20090205_JapanLGPKIAPCA_excerpt.doc
Is this translation of part of the LGPKI Application Certification Authority CP/CPS?

3) Please provide translations into English of the sections of the CP/CPS documents pertaining to:
+ Verification of Identity and Organization
+ Verification of ownership/control of domain name
+ Verification of ownership/control of email address
+ Section 7 of http://www.mozilla.org/projects/security/certs/policy/
+ Potentially Problematic Practices, http://wiki.mozilla.org/CA:Problematic_Practices

4) Content copying is not allowed in the permissions on the audit report, so I cannot review it using Google Translate. Please provide translation into English.
(Assignee)

Updated

10 years ago
Status: NEW → ASSIGNED
Whiteboard: information incomplete

Comment 5

8 years ago
Is there any progress for this bug?
(Assignee)

Comment 6

8 years ago
(In reply to comment #5)
> Is there any progress for this bug?

No. The CA has to respond to all of the items listed in Comment #2 in this bug if they wish to continue with this particular root inclusion request.
(Assignee)

Comment 7

8 years ago
Closing this bug. If the CA wishes to include this root certificate in NSS, they may create a new bug as per the root inclusion process:
https://wiki.mozilla.org/CA:How_to_apply
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE

Updated

2 years ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.