January 2018 CA Communication

ACTION 3: Disclose All Non-Technically-Constrained Subordinate CA Certificates Sections 5.3.1 and 5.3.2 of Mozilla Root Store Policy version 2.5 require CAs to publicly disclose (via CCADB) all subordinate CA certificates including those used to issue email S/MIME certificates by 15-January unless they are technically constrained via both EKU and Name Constraints to a set of validated domains. We have since changed the compliance deadline to 15-April 2018. Certificate monitors have detected over 200 certificates that currently do not comply with this new policy. Please ensure that your CA is in compliance before 15-April 2018. Please select the correct response for your CA:
ACTION 3 COMMENTS

CA Owner Response Response
AC Camerfirma, S.A. We are in compliance with this policy.
Actalis We are in compliance with this policy.
Amazon Trust Services We are in compliance with this policy.
Asseco Data Systems S.A. (previously Unizeto Certum) We are in compliance with this policy.
Atos We are in compliance with this policy.
Autoridad de Certificacion Firmaprofesional We are in compliance with this policy.
Buypass We intend to comply with this policy before 15-April 2018.
Certicámara We intend to comply with this policy before 15-April 2018.
Certinomis / Docapost We are in compliance with this policy.
China Financial Certification Authority (CFCA) We are in compliance with this policy.
Chunghwa Telecom We are in compliance with this policy. There are ePKI Root CA Self-issued Certificates(old with new and new with old) in audit report and management's assertions and ePKI Root CA's repository. Self-issued Certificates are defined as RFC 5280 or ePKI Root CA's CPS. We have amended these two CAs Names in CCADB before Feb 9, 2018 to let their names as CA's Common Name or Organizaiotn Name plus "(ePKI Root CA Self-issued Certificate(new with old))" or "(ePKI Root CA Self-issued Certificate(old with new))". So they will not be confused with ePKI Root CA self-signed certificates.
ComSign We intend to comply with this policy before 15-April 2018.
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) We are in compliance with this policy.
Cybertrust Japan / JCSI We are in compliance with this policy.
D-TRUST We are in compliance with this policy.
Dhimyotis / Certigna We are in compliance with this policy.
DigiCert We intend to comply with this policy before 15-April 2018. We are concerned that many CAs capable of issuing S/MIME certificates will not be able to meet this deadline.
Disig, a.s. We are in compliance with this policy.
DocuSign (OpenTrust/Keynectis) We are in compliance with this policy.
E-Tugra We are in compliance with this policy.
EDICOM We are in compliance with this policy.
Entrust We are in compliance with this policy. No comments.
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) We are in compliance with this policy.
GlobalSign We are in compliance with this policy.
GoDaddy We are in compliance with this policy. All subordinate CA certificates are disclosed in our CP/CPS.
Google Trust Services LLC (GTS) We are in compliance with this policy.
Government of Hong Kong (SAR), Hongkong Post, Certizen We are in compliance with this policy.
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) We are in compliance with this policy.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) We are in compliance with this policy.
Government of Taiwan, Government Root Certification Authority (GRCA) We are in compliance with this policy.
Government of The Netherlands, PKIoverheid (Logius) We are in compliance with this policy.
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) We are in compliance with this policy.
HARICA We are in compliance with this policy.
IdenTrust Services, LLC We are in compliance with this policy.
Internet Security Research Group (ISRG) We are in compliance with this policy.
Izenpe S.A. We are in compliance with this policy.
Krajowa Izba Rozliczeniowa S.A. (KIR) We are in compliance with this policy.
LuxTrust We are in compliance with this policy.
Microsec Ltd. We are in compliance with this policy.
NetLock Ltd. We are in compliance with this policy.
OISTE We intend to comply with this policy before 15-April 2018. As previously communicated, there are two issuing CAs (operated by WISeKey) that can issue S/MIME certificates without name constraints (but not able to issue SSL by EKU constraints). It's been already decided that these CAs will be reissued before 15/April to remove the S/MIME EKU.
QuoVadis We intend to comply with this policy before 15-April 2018. Have started adding.
SECOM Trust Systems CO., LTD. We intend to comply with this policy before 15-April 2018.
SK ID Solutions AS We are in compliance with this policy.
SSL.com We are in compliance with this policy. None.
Sectigo We are in compliance with this policy.
SecureTrust We are in compliance with this policy.
SwissSign AG We intend to comply with this policy before 15-April 2018.
Swisscom (Switzerland) Ltd We intend to comply with this policy before 15-April 2018.
T-Systems International GmbH (Deutsche Telekom) We intend to comply with this policy before 15-April 2018.
Taiwan-CA Inc. (TWCA) We are in compliance with this policy. Our root and intermediate certificates had all upload to CCADB.
Telia Company (formerly TeliaSonera) We intend to comply with this policy before 15-April 2018. Telia will resign some of our client CA certificates to be fully compatible or disclose the related intermediate CAs.
TrustCor Systems We are in compliance with this policy.
Trustis We are in compliance with this policy.
Visa We are in compliance with this policy.
Web.com We are in compliance with this policy.
certSIGN We are in compliance with this policy.