All, This is a reminder that the public discussion period on the inclusion application of Deutsche Telekom Security GmbH will close on Wednesday, December 13, 2023.
Thank you, -Chris, on behalf of the CCADB Steering Committee On Mon, Nov 6, 2023 at 2:51 AM <[email protected]> wrote: > Hi Moudrick, > > > > yes, these Root-CAs that are the subject of this Root Inclusion Request > are fully managed by Deutsche Telekom Security GmbH. > > > > Greetings > > > > Stefan > > > > *Von:* Moudrick M. Dadashov <[email protected]> > *Gesendet:* Freitag, 3. November 2023 20:50 > *An:* Kirch, Stefan <[email protected]>; [email protected] > *Cc:* FMB TrustCenter-Roots <[email protected]> > *Betreff:* RE: AW: Public Discussion of Deutsche Telekom Security CA > Inclusion Request > > > > Thank you, Stefan. > > > > Do I understand correctly that, despite of the organisational structure > and the relationship between the group members, this CA is fully managed by > Deutsche Telekom Security GmbH? > > > > Thanks, > > M.D. > > > > Sent from my Galaxy > > > > > > -------- Original message -------- > > From: [email protected] > > Date: 11/2/23 15:29 (GMT+02:00) > > To: [email protected] > > Cc: [email protected] > > Subject: AW: Public Discussion of Deutsche Telekom Security CA Inclusion > Request > > > > Hi, > > > > For our answer we assume that "Deutsche Telekom AG" is meant rather than > "Deutsche Telekom GmbH" (such a company does not exist). > > The relationship is as follows: > > - Deutsche Telekom AG is the Group’s parent company > > - Deutsche Telekom Security GmbH is a 100% subsidiary of Deutsche Telekom > AG > > - T-Systems International GmbH is a 100% subsidiary of Deutsche Telekom AG > > > > With regard to the publicly trusted certificates, T-Systems International > GmbH was the owner of the Root CA certificates as well as the operator of > all Sub CAs of the Deutsche Telekom Group until 2020. > > With the establishment of Deutsche Telekom Security GmbH in 2020, > ownership of the Root CAs as well as operation of the Sub CAs of the > Deutsche Telekom Group were transferred internally from T-Systems > International GmbH to Deutsche Telekom Security GmbH. > > As the transfer also included all employees concerned, and operations > continued at the same physical locations under the same conditions, the > change mainly only took place on paper, with the name "T-Systems > International GmbH" being replaced by "Deutsche Telekom Security GmbH" in > the relevant documents and contracts. > > > > Regarding the change of the Root ownership see also > > > https://groups.google.com/g/mozilla.dev.security.policy/c/pOu_jWY0SVY/m/2uLyuK4TAwAJ > > > > > Greetings > > > > Stefan > > > > *Von:* [email protected] <[email protected]> *Im Auftrag von *Moudrick M. > Dadashov > *Gesendet:* Mittwoch, 1. November 2023 19:39 > *An:* Ryan Dickson <[email protected]>; public <[email protected]> > *Betreff:* RE: Public Discussion of Deutsche Telekom Security CA > Inclusion Request > > > > Thank you. I’m trying to understand the organisational structure of the > applicant. > > > > Could someone please introduce us the relationship between Deutsche > Telekom GmbH, Deutsche Telekom Security GmbH and T-Systems International > GmbH? > > > > Specifically I’m interested to understand their roles within the CA > operations. > > > > Thanks, > > M.D. > > > > > > Sent from my Galaxy > > > > > > -------- Original message -------- > > From: 'Ryan Dickson' via CCADB Public <[email protected]> > > Date: 11/1/23 15:08 (GMT+02:00) > > To: public <[email protected]> > > Subject: Public Discussion of Deutsche Telekom Security CA Inclusion > Request > > > > All, > > > > This email commences a six-week public discussion of Deutsche Telekom > Security’s request to include the following CA certificates as publicly > trusted root certificates in one or more CCADB Root Store Member’s program. > This discussion period is scheduled to close on *December 13, 2023*. > > > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any root store. > > > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > > > *CCADB Case Number: *00001269 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001269> > > > > *Organization Background Information (listed in CCADB):* > > · *CA Owner Name:*Deutsche Telekom Security GmbH > > · *Website: *https://www.telesec.de/ > > · *Address: *Untere Industriestrasse 20, Netphen, 57250 Germany > > · *Problem Reporting Mechanisms: * > https://www.telesec.de/en/kontakt-en > > · *Organization Type: *Private Corporation > > o Deutsche Telekom Security is a subsidiary of Deutsche Telekom AG > > · *Repository URL: > https://www.telesec.de/en/service/downloads/pki-repository/ > <https://www.telesec.de/en/service/downloads/pki-repository/>* > > > > *Certificates Requesting Inclusion:* > > *1.* *Telekom Security SMIME ECC Root 2021:* > > o Certificate download links: (CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_SMIME_ECC_Root_2021.cer>, > crt.sh > <https://crt.sh/?sha256=3AE6DF7E0D637A65A8C81612EC6F9A142F85A16834C10280D88E707028518755> > ) > > o Use cases served/EKUs: > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > > o Test websites: N/A (S/MIME CA) > > > > *2.* *Telekom Security TLS ECC Root 2020: * > > o Certificate download links: (CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_TLS_ECC_Root_2020.cer>, > crt.sh > <https://crt.sh/?sha256=578AF4DED0853F4E5998DB4AEAF9CBEA8D945F60B620A38D1A3C13B2BC7BA8E1> > ) > > o Use cases served/EKUs: > > § Server Authentication 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o Test websites: > > § Valid: https://active.tstlser20.test.telesec.de/ > > § Revoked:https://revoked.tstlser20.test.telesec.de/ > > § Expired: https://expired.tstlser20.test.telesec.de/ > > > > *3.* *Telekom Security SMIME RSA Root 2023:* > > o Certificate download links: (CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_SMIME_RSA_Root_2023.cer>, > crt.sh > <https://crt.sh/?sha256=78A656344F947E9CC0F734D9053D32F6742086B6B9CD2CAE4FAE1A2E4EFDE048> > ) > > o Use cases served/EKUs: > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o Test websites: N/A (S/MIME CA) > > > > *4.* *Telekom Security TLS RSA Root 2023:* > > o Certificate download links: (CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/Telekom_Security_TLS_RSA_Root_2023.cer>, > crt.sh > <https://crt.sh/?sha256=EFC65CADBB59ADB6EFE84DA22311B35624B71B3B1EA0DA8B6655174EC8978646> > ) > > o Use cases served/EKUs: > > § Server Authentication 1.3.6.1.5.5.7.3.1 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o Test websites: > > § Valid: https://active.tstlsrr23.test.telesec.de/ > > § Revoked: https://revoked.tstlsrr23.test.telesec.de/ > > § Expired: https://expired.tstlsrr23.test.telesec.de/ > > > > *Existing Publicly Trusted Root CAs from Deutsche Telekom Security:* > > *1.* *T-TeleSec GlobalRoot Class 2:* > > o Certificate download links: CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_2.cer>, > crt.sh > <https://crt.sh/?q=91E2F5788D5810EBA7BA58737DE1548A8ECACD014598BC0B143E041B17052552> > > o Use cases served/EKUs: > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1 > > § Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o Certificate Corpus: here > <https://search.censys.io/search?resource=certificates&q=parsed.extensions.authority_key_id%3A+bf5920360079a0a0226b8cd5f261d2b82ccb824a> > (requires Censys account) > > o Included in: Apple, Chrome, Microsoft, Mozilla > > *2.* *T-TeleSec GlobalRoot Class 3:* > > o Certificate download links: CA Repository > <https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_3.cer>, > crt.sh > <https://crt.sh/?q=FD73DAD31C644FF1B43BEF0CCDDA96710B9CD9875ECA7E31707AF3E96D522BBD> > > o Use cases served/EKUs: > > § Server Authentication (TLS) 1.3.6.1.5.5.7.3.1; > > § Client Authentication 1.3.6.1.5.5.7.3.2 > > o Certificate Corpus: here > <https://search.censys.io/search?resource=certificates&q=parsed.extensions.authority_key_id%3A+b503f7763b61826a12aa1853eb032194bffececa> > (requires Censys account) > > o Included in: Apple, Chrome, Microsoft, Mozilla > > > > *Relevant Policy and Practices Documentation: * > > · Certificate Policy - v. 4.0 (Sept. 1, 2023), > https://www.telesec.de/assets/downloads/PKI-Repository/Telekom-Security-CP-EN-V4.0.pdf > > > · Certification Practices Statement - v. 6.0 (Sept. 1, 2023), > https://www.telesec.de/assets/downloads/PKI-Repository/Telekom-Security-CPS-Public-EN-V6.0.pdf > > > > > *Most Recent Self-Assessment:* > > · > https://www.telesec.de/assets/downloads/2023-08-28_Telekom_Security_CCADB_Self_Assessment_Framework_v1.2.xlsx > > > > > *Audit Statements:* > > · Auditor: TÜV Informationstechnik GmbH > > · Audit Criteria: ETSI EN 319 411-1 V1.3.1 (2021-05); ETSI EN 319 > 411-2, V2.4.1 (2021-11) > > · Date of Audit Letter Issuance: June 21, 2023 > > · For Period of Time: April 8, 2022, through April 7, 2023 > > · Audit Statement(s): > > o > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/AA2023062101_Telekom_Security_2023_V1.0.pdf > > > > *Incident Summary (Bugzilla incidents from previous 24 months):* > > · Improper use of a domain validation method (Bugzilla Bug #1825780 > <https://bugzilla.mozilla.org/show_bug.cgi?id=1825780>) > > > > > > Thanks, > > Ryan, on behalf of the CCADB Steering Committee > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O_%3DkLcjqCLTj-XsBzVt94JgD0zA-HYfx9G711QVEr6HYQ%40mail.gmail.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O_%3DkLcjqCLTj-XsBzVt94JgD0zA-HYfx9G711QVEr6HYQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/65429b46.050a0220.5dfd6.649f%40mx.google.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/65429b46.050a0220.5dfd6.649f%40mx.google.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/BE1P281MB1506278DF4FD5DE3D887974FFAA6A%40BE1P281MB1506.DEUP281.PROD.OUTLOOK.COM > <https://groups.google.com/a/ccadb.org/d/msgid/public/BE1P281MB1506278DF4FD5DE3D887974FFAA6A%40BE1P281MB1506.DEUP281.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/BE1P281MB15064D740925362E1595C9A7FAAAA%40BE1P281MB1506.DEUP281.PROD.OUTLOOK.COM > <https://groups.google.com/a/ccadb.org/d/msgid/public/BE1P281MB15064D740925362E1595C9A7FAAAA%40BE1P281MB1506.DEUP281.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mAOHM-UKAiHSgwWnXFXvsm2BcAV%2BQaqLf63iOxAQcMDaw%40mail.gmail.com.
