Frank has asked me to help with the public discussion phase for CA requests. The CA Schedule at https://wiki.mozilla.org/CA:Schedule has been changed into a queue. I will keep that page updated as requests enter/complete discussion or complete the information gathering/verification phase. DCSSI is the next request in the queue, so it is entering the public discussion period now.

DCSSI (The French government’s Central Information Systems Security Division) has applied to add one new root CA certificate to the Mozilla root store, as documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=368970

and in the pending certificates list here:
http://www.mozilla.org/projects/security/certs/pending/#DCSSI

Summary of Information Gathered and Verified:
https://bugzilla.mozilla.org/attachment.cgi?id=355447

Some quick comments regarding noteworthy points:

* The IGC/A root issues a subordinate CA for each organization, which can be only a government or an administrative organization. Each of these subordinate CAs may issue end-entity certificates or additional subordinate CAs to be used for divisions within that organization. Each organization is required to follow the CP and the Government Référentiel général de sécurité (RGS) / Politique de Référencement Intersectorielle de Sécurité (PRIS), and be audited.

* Certificates chaining up to this root are used for SSL, S/MIME, and code signing. DCSSI issues certificates to French Government websites which are used by the general public. Each department has a sub CA; there are at least 20 at the moment, and potentially up to 60.

* Some sub-CAs may be operated on behalf of the French administration. All such private operators are required to follow the CP and the Government RGS/PRIS, and be audited.

* The CP documents (including the Government RGS/PRIS) are in French. English translations for relevant sections have been provided and verified.

* DCSSI has undergone audits by the French Secretariat Général de la Défense Nationale, which acts as the French national security authority. Their audits are equivalent to Webtrust CA audits. The audits are current, with the most recent audit/approval completed in November 2008.

This begins the one-week discussion period. After that week, I will provide a summary of issues noted and action items.
If there are no outstanding issues, then this request can be approved for inclusion. If there are outstanding issues or action items, then an additional discussion may be needed as follow-up.

Kathleen