I'm now soliciting comments on the CA application from Swisscom, bug 342470:
Swisscom is a public commercial CA based in Switzerland; see the bug
report and my CA certificate list page for more information.
Swisscom does formal validation of organizational and individual
identity using government identity documents and related information. It
has successfully completed a formal audit using the ETSI TS 101 456
criteria.
Since this request seems pretty straightforward I'm going to have a
relatively brief comment period and then I'll make my final decision.
Frank

Swisscom issues CRLs how often? Do they have an CSP responder?

Since they issue certs that are compliant with EU digital signature
law, and have passed audit, I see no problems with this. (And
considering that they are probably going to be used by Swiss banks, it
ill-serves Mozilla's users to reject it.)
-Kyle H

7/5/06, Frank Hecker <hecker (AT) mozillafoundation (DOT) orgwrote:
I'm now soliciting comments on the CA application from Swisscom, bug 342470:

Swisscom is a public commercial CA based in Switzerland; see the bug
report and my CA certificate list page for more information.

Swisscom does formal validation of organizational and individual
identity using government identity documents and related information. It
has successfully completed a formal audit using the ETSI TS 101 456
criteria.

Since this request seems pretty straightforward I'm going to have a
relatively brief comment period and then I'll make my final decision.

Frank

Kyle Hamilton wrote:
Swisscom issues CRLs how often?

This is a good question. Based on section 7.2 of the CPS they appear to
issue new CRLs every 24 hours, with each CRL having a validity period of
7 days. I'll confirm this.

Do they have an CSP responder?

The CPS mentions CSP in several places, and gives
<http://ocsp.swissdigicert.chas the CSP URL. However I'm not sure the
service is active right now. I'll ask them about this as well.

Frank

Frank Hecker wrote:
Kyle Hamilton wrote:
>Swisscom issues CRLs how often?
<snip>
>Do they have an CSP responder?
I got answers to these questions; see the bug report (342470).
Frank

Frank Hecker wrote:
I'm now soliciting comments on the CA application from Swisscom, bug
342470:

Swisscom is a public commercial CA based in Switzerland; see the bug
report and my CA certificate list page for more information.

Swisscom does formal validation of organizational and individual
identity using government identity documents and related information. It
has successfully completed a formal audit using the ETSI TS 101 456
criteria.

Since this request seems pretty straightforward I'm going to have a
relatively brief comment period and then I'll make my final decision.

To echo my comments in bug 342470:

My apologies for not following up on this before now. As far as I'm
aware all questions relating to Swisscom have been answered, and they
appear to be in compliance with our CA policy, I am formally approving
their request to have their root CA certificate included in NSS and thus
Firefox and other Mozilla-based products.

I'll be filing a bug against NSS shortly for the actual cert addition.

Frank

Frank Hecker wrote:
To echo my comments in bug 342470:

My apologies for not following up on this before now. As far as I'm
aware all questions relating to Swisscom have been answered, and they
appear to be in compliance with our CA policy, I am formally approving
their request to have their root CA certificate included in NSS and thus
Firefox and other Mozilla-based products.

I'll be filing a bug against NSS shortly for the actual cert addition.

Filed bug 347880:

Frank