September 2018 CA Communication

ACTION 6: Disclose Intermediate Certificates Later this year, we plan to begin preloading the certificate database shipped with Firefox with all intermediate certificates disclosed in the CCADB. This is an alternative to “AIA chasing” designed to reduce the incidence of “unknown issuer” errors caused by server operators neglecting to include intermediate certificates. Updates to the database will be provided for Firefox users on a regular basis. We rely on CAs to add new intermediate CA certificates to CCADB within a week of certificate creation, and before any such subordinate CA is allowed to issue certificates, as required by section 5.3.2 of our policy.
ACTION 6 COMMENTS

CA Owner Response Response
AC Camerfirma, S.A. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Actalis We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Amazon Trust Services We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Asseco Data Systems S.A. (previously Unizeto Certum) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Atos We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Autoridad de Certificacion Firmaprofesional We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Buypass We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Certinomis / Docapost We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
China Financial Certification Authority (CFCA) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Chunghwa Telecom We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
ComSign We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Cybertrust Japan / JCSI We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
D-TRUST We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Dhimyotis / Certigna We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
DigiCert We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Disig, a.s. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
DocuSign (OpenTrust/Keynectis) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
E-Tugra We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
EDICOM We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Entrust We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
GlobalSign We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
GoDaddy We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Google Trust Services LLC (GTS) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of Hong Kong (SAR), Hongkong Post, Certizen We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of Taiwan, Government Root Certification Authority (GRCA) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of The Netherlands, PKIoverheid (Logius) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
HARICA Other (please describe below) We are aware of the requirements to disclose non-Technically Constrained subCAs to CCADB and we have a process in place to update CCADB when we create such a subCA. According to the current Mozilla policy, Technically Constrained (TC) subCAs do not need to be disclosed in CCADB. We will consider adding the TC subCAs to CCADB to assist the chain validation process of Relying Parties.
IdenTrust Services, LLC We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Internet Security Research Group (ISRG) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Izenpe S.A. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Krajowa Izba Rozliczeniowa S.A. (KIR) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
LuxTrust We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Microsec Ltd. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
NetLock Ltd. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
OISTE We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
QuoVadis We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
SECOM Trust Systems CO., LTD. We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
SK ID Solutions AS We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
SSL.com We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Sectigo We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
SecureTrust We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
SwissSign AG We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Swisscom (Switzerland) Ltd We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
T-Systems International GmbH (Deutsche Telekom) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Taiwan-CA Inc. (TWCA) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Telia Company (formerly TeliaSonera) We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
TrustCor Systems We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met Our internal policies and scripts require CA certificate generation to disclose to CCADB before the certificate generation ceremony is deemed complete. No end entity certificate can be signed until the ceremony is completed.
Trustis Other (please describe below) Certificate issuance has been discontinued and the service only provides revocation information for certificates that have not yet expired. If the service was continuing we would ensure the requirements for intermediate certificate disclosure were met.
TurkTrust We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
Web.com We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met
certSIGN We are aware of the requirements for intermediate certificate disclosure and have processes in place to ensure that these requirements are met