Closed Bug 477314 Opened 16 years ago Closed 13 years ago

Add Japanese Local Government Application CA G2 Root

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: kathleen.a.wilson, Assigned: kathleen.a.wilson)

Details

(Whiteboard: information incomplete)

Attachments

(4 files)

Cert for the LGPKI-AppCAG2
932 bytes, application/x-x509-ca-cert
Details
Initial Information Gathering Document
114.42 KB, application/pdf
Details
English translation of part of the LGPKI CP/CPS
38.74 KB, application/pdf
Details
English translation of part of the LGPKI Registration Authority Branch Operation Handbook
300.73 KB, application/pdf
Details
CA Name: Local Government Public Key Infrastructure Application Certification Authority Website URL: http://www.lgpki.jp/ CA Summary: Certificates issued by the Application CA G2 are mainly issued for the purpose of use in services provided by local governments to residents and companies etc., and also by ASP service providers and public institutions to local governments. Audit Type (WebTrust, ETSI etc.): WebTrust for CA Auditor: Deloitte Touche Tohmatsu Auditor Website URL: http://www.deloitte.com/jp Audit Document URL(s): https://cert.webtrust.org/SealFile?seal=840&file=pdf Certificate Name: Application CA G2 -- LGPKI Root certificate download URL (on CA website): https://www.lgpki.jp/CAInfo/AppCAG2.cer Certificate SHA1 Fingerprint (in hexadecimal): 96 83 38 F1 13 E3 6A 7B AB DD 08 F7 77 63 91 A6 87 36 58 2E Key size (for RSA, modulus length) in bits: 2048bits Valid From (YYYY-MM-DD): 2006-04-01 Valid To (YYYY-MM-DD): 2016-03-31 CRL HTTP URL (if any): http://www.lgpki.jp/Information/CRL/AppCACrl.crl CRL issuing frequency for subordinate EE certificates: 1days OCSP responder URL (if any): Class: CP/CPS URL: http://www.lgpki.jp/unei/C-6-3-5_CPCPS_ApCA_20070320.pdf Requested Trust Indicators: SSL and code signing URL of a sample website using a certificate chained to this root: https://www.lgpki.jp/CAInfo/fingerprint.htm
The LGPKI Application CA G2 root cert is downloadable from https://www.lgpki.jp/CAInfo/AppCAG2.cer However, the cert for this website chains up to this root, so I’m attaching the root here.
Attached is the Initial Information Gathering document which summarizes the information that has been gathered and verified. Within the document the items highlighted in yellow indicate where more information or clarification is needed. I will also summarize below. 1) Please provide a diagram and/or specific description of the intermediate CAs and end-entity certificates that the LGPKI Application CA G2 root issues. Are there multiple Organization and Application sub-CAs? Are the sub-CAs able to sign their own sub-CAs? Who operates the sub-CAs? Does this root have any subordinate CAs that are operated by external third parties? For the subordinate CAs that are operated by third parties, please provide a general description and explain how the CP/CPS and audits ensure the third parties are in compliance. Has this root been involved in cross-signing with any other root? 2) I received the following two documents via email. May I attach them to this bug? Are the corresponding documents available in Japanese from your website? If yes, please provide the URLs. a) 20090205_JapanLGPKI_RegistrationAuthorityBranche_excerpt.doc Is this translation of part of the LGPKI Registration Authority Branch Operation Handbook? b) 20090205_JapanLGPKIAPCA_excerpt.doc Is this translation of part of the LGPKI Application Certification Authority CP/CPS? 3) Please provide translations into English of the sections of the CP/CPS documents pertaining to: + Verification of Identity and Organization + Verification of ownership/control of domain name + Verification of ownership/control of email address + Section 7 of http://www.mozilla.org/projects/security/certs/policy/ + Potentially Problematic Practices, http://wiki.mozilla.org/CA:Problematic_Practices 4) Content copying is not allowed in the permissions on the audit report, so I cannot review it using Google Translate. Please provide translation into English.
Status: NEW → ASSIGNED
Whiteboard: information incomplete
Is there any progress for this bug?
(In reply to comment #5) > Is there any progress for this bug? No. The CA has to respond to all of the items listed in Comment #2 in this bug if they wish to continue with this particular root inclusion request.
Closing this bug. If the CA wishes to include this root certificate in NSS, they may create a new bug as per the root inclusion process: https://wiki.mozilla.org/CA:How_to_apply
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: