November 2017 CA Communication

ACTION 7: Ensure your CA is aware of current discussions in the CA/Browser Forum about Certification Authority Authorization (CAA) . As of September 8, 2017, CAA Checking is Mandatory. Publication of CAA Resource Records allows a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis‐issue. Mozilla: - currently permits both with and without errata CAA checking - currently allows Errata ID 5065 and 5097 - supports the "natural" interpretation of the DNAME rules If the CA/Browser Forum mandates CAA checking with-errata, then Mozilla will expect a migration within 3 months. Please confirm that your CA will follow discussions about CAA, and will comply with "Effective Dates" regarding CAA as they are established.
ACTION 7 COMMENTS Use this space to express concern or qualifications about your response regarding Certification Authority Authorization (CAA) .

CA Owner Response Response
AC Camerfirma, S.A. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. https://bugzilla.mozilla.org/show_bug.cgi?id=1420871
Actalis Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Amazon Trust Services Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Asseco Data Systems S.A. (previously Unizeto Certum) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Atos Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Autoridad de Certificacion Firmaprofesional Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Buypass Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Certicámara Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Certinomis / Docapost Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. We will ensure that our PKI vendor is also following the CAA discussions in order to have patches and updates as necessary.
China Financial Certification Authority (CFCA) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Chunghwa Telecom Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
ComSign Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Cybertrust Japan / JCSI Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
D-TRUST Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe) Not Applicable, because our root certificates do not have the Websites trust bit enabled.
Dhimyotis / Certigna Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
DigiCert Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Disig, a.s. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
DocuSign (OpenTrust/Keynectis) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
E-Tugra Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
EDICOM Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Entrust Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. No comments.
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. GDCA began to check the CAA record as of 1 July 2017, and had disclosed this in our CP/CPS.
GlobalSign Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
GoDaddy Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Google Trust Services LLC (GTS) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Government of Hong Kong (SAR), Hongkong Post, Certizen Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. We plan to modify our CAA checking logic to support CAA checking with-errata within 3 months, i.e. no later than mid. of March 2018.
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Government of Taiwan, Government Root Certification Authority (GRCA) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Government of The Netherlands, PKIoverheid (Logius) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
HARICA Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
IdenTrust Services, LLC Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Internet Security Research Group (ISRG) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Izenpe S.A. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Krajowa Izba Rozliczeniowa S.A. (KIR) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
LuxTrust Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. We have followed the discussion about CAA field and this was updated in our CPS: https://www.luxtrust.lu/upload/data/repository/luxtrust_ssl_ca_cps_v1.5.pdf
Microsec Ltd. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
NetLock Ltd. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
OISTE Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
QuoVadis Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
SECOM Trust Systems CO., LTD. Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
SK ID Solutions AS Not Applicable, because our root certificates do not have the Websites trust bit enabled. Starting from September 1, 2017, SK ID Solutions will no longer issue new TLS Server Certificates. https://sk.ee/en/News/sk-will-cease-issuing-tls-server-certificates
SSL.com Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Sectigo Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
SecureTrust Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
SwissSign AG Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. Prior to issuance SwissSign validates each server Name FQDN in publicly trusted SSL certificates against the domain CAA records. If a CAA record exists that does not list swisssign.com as an authorized CA, SwissSign will not issue the certificate. SwissSign: - caches CAA records for reuse for up to 8 hours - supports the issue and issuewild CAA tags - processes but does not act on iodef property tag (i.e., SwissSignSign does not dispatch reports of such - issuance requests to the contact(s) stipulated in the CAA iodef record(s)) - does not support any additional property tags
Swisscom (Switzerland) Ltd Not Applicable, because our root certificates do not have the Websites trust bit enabled.
T-Systems International GmbH (Deutsche Telekom) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Taiwan-CA Inc. (TWCA) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Telia Company (formerly TeliaSonera) Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
TrustCor Systems Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Trustis Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
TurkTrust Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Visa Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.
Web.com Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA. No comments
certSIGN Our CA understands and will follow the CAA discussions in the CA/Browser Forum, and will comply with the established "Effective Dates" regarding CAA.