| SUB ITEM 4.1: CA/Browser Forum defined-policy OID in Subscriber Cert certificatePolicies The proposal is to add the following text to section 7.1.6.4 of the BRs: “A Certificate issued to a Subscriber MUST contain, within the Certificate's certificatePolicies extension, one or more policy identifier(s) that are specified beneath the CA/Browser Forum's reserved policy OID arc of {joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140) certificate-policies(1)} (2.23.140.1).” Note: This item is also being tracked in regards to directly updating Mozilla's Root Store Policy via https://github.com/mozilla/pkipolicy/issues/212. |
|---|
| SUB ITEM 4.1 DATE |
| SUB ITEM 4.1 COMMENTS |
| CA Owner | Response | Response | Response |
|---|---|---|---|
| AC Camerfirma, S.A. | Our CA already does this. | ||
| Actalis | Our CA already does this. | ||
| Amazon Trust Services | Our CA already does this. | ||
| Asseco Data Systems S.A. (previously Unizeto Certum) | Our CA already does this. | ||
| Atos | Our CA already does this. | ||
| Autoridad de Certificacion Firmaprofesional | Our CA should be able to implement this by the date specified below. | 2020 Jul 31 | In spite of the fact that our CA already adds plenty of OIDs AND already do exist internationally accepted OIDs, such as: {itu-t(0) identified-organization(4) etsi(0) other-certificate-policies(2042) policy-identifiers(1) evcp(4)} |
| Buypass | Our CA already does this. | ||
| China Financial Certification Authority (CFCA) | Our CA already does this. | ||
| Chunghwa Telecom | Our CA already does this. | ||
| Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | Other (please describe below) | Although our CA still has the website bit enabled, we do not issue TLS Certificates since 1st-January-2020.The last one was issued in 27th-December-2019. Related bugs/information: https://bugzilla.mozilla.org/show_bug.cgi?id=1496616#c22 https://bugzilla.mozilla.org/show_bug.cgi?id=1621159 | |
| Cybertrust Japan / JCSI | Our CA already does this. | ||
| D-TRUST | Other (please describe below) | We do not see any added value in the CA/Browser Forum's reserved policy OIDs, since our OID concept already sufficiently classifies the applicable policies and intended usage of issued certificates. For details please see: https://www.d-trust.net/internet/files/D-TRUST_CP.pdf, Chapter 1.1.3 “Properties of the PKI and notation”. | |
| Deutsche Telekom Security GmbH | Our CA already does this. | ||
| Dhimyotis / Certigna | Our CA already does this. | ||
| DigiCert | Our CA already does this. | Apple SubCA: For Organization Validated TLS Certificates Apple includes 2.23.140.1.2.2. For Extended Validation TLS Certificates, Apple includes 2.23.140.1.1. | |
| Disig, a.s. | Our CA already does this. | ||
| E-Tugra | Our CA should be able to implement this by the date specified below. | 2020 Jul 30 | |
| Entrust | Our CA already does this. | ||
| Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) | Our CA already does this. | ||
| GlobalSign nv-sa | Our CA already does this. | ||
| GoDaddy | Our CA already does this. | ||
| Google Trust Services LLC | Our CA already does this. | ||
| Government of Hong Kong (SAR), Hongkong Post, Certizen | Our CA already does this. | ||
| Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | Our CA already does this. | ||
| Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | Our CA should be able to implement this by the date specified below. | 2020 Aug 31 | |
| Government of Taiwan, Government Root Certification Authority (GRCA) | Other (please describe below) | GRCA and its sub CAs do not issue any TLS certificates since 18-Seepteember 2019, and we will revoke all TLS certificates on 7/19/2020. Our root cert will be removed from Mozilla's root store after 7/19/2020 Please see: https://bugzilla.mozilla.org/show_bug.cgi?id=1463975 | |
| Government of The Netherlands, PKIoverheid (Logius) | Our CA already does this. | ||
| Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | Our CA already does this. | ||
| HARICA | |||
| IdenTrust Services, LLC | Our CA already does this. | ||
| Internet Security Research Group | Our CA already does this. | ||
| Izenpe S.A. | Our CA already does this. | ||
| Krajowa Izba Rozliczeniowa S.A. (KIR) | Our CA should be able to implement this by the date specified below. | 2020 Sep 1 | |
| Microsec Ltd. | Our CA already does this. | ||
| NETLOCK Kft. | Our CA already does this. | ||
| OISTE | Our CA already does this. | ||
| QuoVadis | Our CA already does this. | ||
| SECOM Trust Systems CO., LTD. | Our CA already does this. | ||
| SK ID Solutions AS | Other (please describe below) | Please note that SK has terminated issuance of TLS Server Certificates as of September 1st 2017 and therefore we are unable to meet this requirement. The last TLS certificate will expire in September 2020. | |
| SSL.com | Our CA already does this. | ||
| Sectigo | Our CA already does this. | ||
| SecureTrust | Our CA already does this. | ||
| Shanghai Electronic Certification Authority Co., Ltd. | Our CA already does this. | ||
| SwissSign AG | Our CA already does this. | ||
| Taiwan-CA Inc. (TWCA) | Our CA should be able to implement this by the date specified below. | 2020 Sep 30 | |
| Telia Company | Our CA already does this. | 2020 Jun 1 | Only BR OIDs used for years in our SSL certificates. |
| TrustCor Systems | Our CA already does this. | ||
| Trustis | Other (please describe below) | End-entity certificate issuance under the current service has been discontinued. | |
| Web.com | Our CA already does this. | ||
| certSIGN | Our CA already does this. | ||
| eMudhra Technologies Limited | Our CA already does this. |