May 2020 CA Communication

SUB ITEM 4.1: CA/Browser Forum defined-policy OID in Subscriber Cert certificatePolicies The proposal is to add the following text to section 7.1.6.4 of the BRs: “A Certificate issued to a Subscriber MUST contain, within the Certificate's certificatePolicies extension, one or more policy identifier(s) that are specified beneath the CA/Browser Forum's reserved policy OID arc of {joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140) certificate-policies(1)} (2.23.140.1).” Note: This item is also being tracked in regards to directly updating Mozilla's Root Store Policy via https://github.com/mozilla/pkipolicy/issues/212.
SUB ITEM 4.1 DATE
SUB ITEM 4.1 COMMENTS

CA Owner Response Response Response
AC Camerfirma, S.A. Our CA already does this.
Actalis Our CA already does this.
Amazon Trust Services Our CA already does this.
Asseco Data Systems S.A. (previously Unizeto Certum) Our CA already does this.
Atos Our CA already does this.
Autoridad de Certificacion Firmaprofesional Our CA should be able to implement this by the date specified below. 2020 Jul 31 In spite of the fact that our CA already adds plenty of OIDs AND already do exist internationally accepted OIDs, such as: {itu-t(0) identified-organization(4) etsi(0) other-certificate-policies(2042) policy-identifiers(1) evcp(4)}
Buypass Our CA already does this.
China Financial Certification Authority (CFCA) Our CA already does this.
Chunghwa Telecom Our CA already does this.
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) Other (please describe below) Although our CA still has the website bit enabled, we do not issue TLS Certificates since 1st-January-2020.The last one was issued in 27th-December-2019. Related bugs/information: https://bugzilla.mozilla.org/show_bug.cgi?id=1496616#c22 https://bugzilla.mozilla.org/show_bug.cgi?id=1621159
Cybertrust Japan / JCSI Our CA already does this.
D-TRUST Other (please describe below) We do not see any added value in the CA/Browser Forum's reserved policy OIDs, since our OID concept already sufficiently classifies the applicable policies and intended usage of issued certificates. For details please see: https://www.d-trust.net/internet/files/D-TRUST_CP.pdf, Chapter 1.1.3 “Properties of the PKI and notation”.
Deutsche Telekom Security GmbH Our CA already does this.
Dhimyotis / Certigna Our CA already does this.
DigiCert Our CA already does this. Apple SubCA: For Organization Validated TLS Certificates Apple includes 2.23.140.1.2.2. For Extended Validation TLS Certificates, Apple includes 2.23.140.1.1.
Disig, a.s. Our CA already does this.
E-Tugra Our CA should be able to implement this by the date specified below. 2020 Jul 30
Entrust Our CA already does this.
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Our CA already does this.
GlobalSign nv-sa Our CA already does this.
GoDaddy Our CA already does this.
Google Trust Services LLC Our CA already does this.
Government of Hong Kong (SAR), Hongkong Post, Certizen Our CA already does this.
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) Our CA already does this.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) Our CA should be able to implement this by the date specified below. 2020 Aug 31
Government of Taiwan, Government Root Certification Authority (GRCA) Other (please describe below) GRCA and its sub CAs do not issue any TLS certificates since 18-Seepteember 2019, and we will revoke all TLS certificates on 7/19/2020. Our root cert will be removed from Mozilla's root store after 7/19/2020 Please see: https://bugzilla.mozilla.org/show_bug.cgi?id=1463975
Government of The Netherlands, PKIoverheid (Logius) Our CA already does this.
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) Our CA already does this.
HARICA
IdenTrust Services, LLC Our CA already does this.
Internet Security Research Group Our CA already does this.
Izenpe S.A. Our CA already does this.
Krajowa Izba Rozliczeniowa S.A. (KIR) Our CA should be able to implement this by the date specified below. 2020 Sep 1
Microsec Ltd. Our CA already does this.
NETLOCK Kft. Our CA already does this.
OISTE Our CA already does this.
QuoVadis Our CA already does this.
SECOM Trust Systems CO., LTD. Our CA already does this.
SK ID Solutions AS Other (please describe below) Please note that SK has terminated issuance of TLS Server Certificates as of September 1st 2017 and therefore we are unable to meet this requirement. The last TLS certificate will expire in September 2020.
SSL.com Our CA already does this.
Sectigo Our CA already does this.
SecureTrust Our CA already does this.
Shanghai Electronic Certification Authority Co., Ltd. Our CA already does this.
SwissSign AG Our CA already does this.
Taiwan-CA Inc. (TWCA) Our CA should be able to implement this by the date specified below. 2020 Sep 30
Telia Company Our CA already does this. 2020 Jun 1 Only BR OIDs used for years in our SSL certificates.
TrustCor Systems Our CA already does this.
Trustis Other (please describe below) End-entity certificate issuance under the current service has been discontinued.
Web.com Our CA already does this.
certSIGN Our CA already does this.
eMudhra Technologies Limited Our CA already does this.