April 2017 CA Communication

ACTION 7: BR COMPLIANCE BUGS Resolve all of your CA's Bugzilla Bugs regarding BR Compliance and Incidents, as listed here: https://wiki.mozilla.org/CA/ca-bugs

CA Owner Response
AC Camerfirma, S.A. We are inprocess of revoking all certificates with SAN duplicated. We plan to have all revoked by May 31th
Actalis Not Applicable
Amazon Trust Services Not Applicable
Asseco Data Systems S.A. (previously Unizeto Certum) Not Applicable
Autoridad de Certificacion Firmaprofesional Not Applicable
Buypass Not Applicable.
Certicámara Not applicable.
Certinomis / Docapost Not Applicable
China Financial Certification Authority (CFCA) Not Applicable
Chunghwa Telecom Not Applicable. Our CA is not on the list. We will use certlint and x509lint to ensure the compliance of our CA in the near future. Domain Validation will be executed strictly.
ComSign Not Applicable
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) Not Applicable
Cybertrust Japan / JCSI Not Applicable
D-TRUST Not Applicable
Deutsche Telekom Security GmbH Not Applicable
Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe) Not Applicable
DigiCert We don't have a date for 1335132. All certs have been revoked but there is still an open question on the transition. I think it'll be at least a year. The other two should be closed.
Disig, a.s. Not Applicable
DocuSign (OpenTrust/Keynectis) Indicate the dates by which your BR Compliance and Incident Bugzilla Bugs will be resolved. If there are no such Bugzilla Bugs for your CA, then write "Not Applicable". Not Applicable
E-Tugra Not Applicable
EDICOM Pending BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1239329 , Add Renewed ACEDICOM root certificate(s) We don't have stimated time since it does not only depends on EDICOM.
Entrust Not Applicable
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Not Applicable.
GlobalSign We have 2 Bugs listed. Bug 1347882: We revoked the 2 cross certificates on 19 Apr, status updated in CCADB. We have informed our auditor to include "GlobalSign Extended Validation CA - SHA256 - G2" in the audit report. Bug 1353833: We have provided answer to the query about "how many of the 945 domains failed their attempted re-validation". And "there is no further action at this time" as commented by Gerv.
GoDaddy Bug 988633 - DER: default value of OPTIONAL BOOLEAN explicitly encoded. Workaround to be removed in Bug #989518. The problem was resolved in June 2014. The last certificate containing this defect that is signed with SHA-2 expires 5/1/2019. Bug 1341014 - Domain validation issue. Steps 1, 2, and 3 are complete. Step 4 (AUP report from auditor) is on track to be delivered by the 13-May due date.
Google Trust Services LLC (GTS) Not Applicable for Google Trust Services. GlobalSign still has https://bugzilla.mozilla.org/show_bug.cgi?id=1347882 open which relates to the R2/R4 purchase, so we are indirectly affected.
Government of Hong Kong (SAR), Hongkong Post, Certizen Not Applicable
Government of Japan, Ministry of Internal Affairs and Communications Indicate the dates by which your BR Compliance and Incident Bugzilla Bugs will be resolved. If there are no such Bugzilla Bugs for your CA, then write "Not Applicable". Not Applicable
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) Not Applicable.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) Not Applicable
Government of Taiwan, Government Root Certification Authority (GRCA) Not Applicable. Our CA is not on the list.
Government of The Netherlands, PKIoverheid (Logius) Not applicable
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) Our CA does not have Bugzilla bugs.
HARICA Not Applicable
IdenTrust Services, LLC Not Applicable
Internet Security Research Group (ISRG) Not Applicable
Izenpe S.A. Not Applicable
Krajowa Izba Rozliczeniowa S.A. (KIR) Not Applicable
LuxTrust "Not Applicable".
Microsec Ltd. "Not Applicable"
NetLock Ltd. Not Applicable
OISTE Not Applicable
PROCERT Not Applicable.
QuoVadis Not Applicable
SECOM Trust Systems CO., LTD. Not Applicable
SK ID Solutions AS Not Applicable
Sectigo Not Applicable
SecureTrust Not Applicable
Start Commercial (StartCom) Ltd. Not Applicable
SwissSign AG Not Applicable
Swisscom (Switzerland) Ltd One remaining Bugzilla bug 1195115 is resolved and proposed to close: Swisscom stopps issuing SSL certificates. The websites trust bit will be removed (see https://bugzilla.mozilla.org/show_bug.cgi?id=1359515). As no additional SSL certificates will be issued and the acceptance of the existing certificates will be terminated, hence there is no issue with BR Compliance any more.
Symantec Because the topics related to Bugzilla 1334377 remain in discussion, we asked Mozilla about our requirements in responding to this topic. Mozilla has informed us that we should respond to this question without considering bug 1334377, because it's not yet decided how that issue will be addressed. Bugzilla 1334377 is the only issue assigned to Symantec at the ca-bugs page.
Telia Company (formerly TeliaSonera) Not Applicable
Trustis Bugzilla Bug No: 1353838 has been resolved.
TurkTrust "Not Applicable".
Visa Not Applicable
Web.com Not Applicable
WoSign CA Limited Not applicable.
certSIGN Not Applicable.