Closed
Bug 279728
Opened 20 years ago
Closed 18 years ago
Request to add NetLock CA certificates
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: hecker, Assigned: hecker)
References
(Depends on 1 open bug, )
Details
NetLock is a CA located in Hungary. They have four root CAs: NetLock Qualified
(Class QA), NetLock Notary (Class A), NetLock Business (Class B), and NetLock
Express (Class C). See <http://www.hecker.org/mozilla/ca-certificate-list> for
more information.
NetLock apparently has completed a WebTrust for CA audit (by Ernst & Young), but
the CA is not listed on the WebTrust "sites with seals" page, and I can't find
any other online information regarding their WebTrust status. See also bug
277797 concerning a problem importing one of the NetLock certificates.
Approval of NetLock CA certificates for inclusion in Mozilla-related software
will depend on resolving the question of NetLock's WebTrust status and
(possibly) resolving bug 277797.
Comment 1•20 years ago
|
||
We can't add this CA's "qualified" CA cert until bug 277797 is resolved.
Depends on: 277797
Assignee | ||
Comment 2•20 years ago
|
||
I got a copy of the NetLock audit report (in the form of JPEG page images
scanned in from the original paper document) and have linked to it from
<http://www.hecker.org/mozilla/ca-certificate-list>. This appears to satisfy the
requirement for a WebTrust/WebTrust-equivalent audit.
The remaining issues appear to be as follows:
1. The issue with the Qualified CA discussed in bug 277797. IMO this doesn't
affect my approval of NetLock in general, it simply affects when/if the
Qualified CA root certificate can be actually added.
2. The recommended trust bits for the various NetLock CA certificates. This is
not strictly speaking needed for my approval, but *is* needed for the actual
addition of the certificates to NSS. I need answers to the following questions
for each of the four CAs (qualified/notary/business/express):
a. Does the CA issue certificates for use by SSL-enabled web servers (or other
SS-enabled servers)?
b. Does the CA issue certificates for use in sending/receiving signed and/or
encrypted email?
P.S. Also accepting this bug -- I forgot to do this earlier.
c. Does the CA issue certificates for use by software developers creating
digitally signed code objects (e.g., Java applets, ActiveX controls, etc.)?
Status: NEW → ASSIGNED
Comment 3•20 years ago
|
||
> 2. The recommended trust bits for the various NetLock CA certificates. This is
> not strictly speaking needed for my approval, but *is* needed for the actual
> addition of the certificates to NSS. I need answers to the following questions
> for each of the four CAs (qualified/notary/business/express):
My answers are in the same order.
> a. Does the CA issue certificates for use by SSL-enabled web servers (or other
> SS-enabled servers)?
no/yes/yes/yes
> b. Does the CA issue certificates for use in sending/receiving signed and/or
> encrypted email?
yes/yes/yes/yes
> c. Does the CA issue certificates for use by software developers creating
> digitally signed code objects (e.g., Java applets, ActiveX controls, etc.)?
yes/yes/yes/yes
So, except the qualified, all of them are used to all the purposes,
the only difference that the qualified isn't issue SSL certificates.
Thanks for your help.
Assignee | ||
Comment 4•20 years ago
|
||
I'm approving this request based on NetLock's successful completion of a
WebTrust audit, and have filed bug 280744 for the actual addition of the certs
to NSS.
Depends on: 280744
Comment 5•20 years ago
|
||
Current Status
NetLock Notary (Class A), NetLock Business (Class B), and NetLock
Express (Class C) have been added to NSS. They will be in
Mozilla 1.8 Beta 2 and Firefox/Thunderbird ("Aviary") 1.1 Alpha.
NetLock Qualified (Class QA) has not been added to NSS because of
bug 277797.
Comment 6•18 years ago
|
||
Bug 313942 now requests inclusion of the new Netlock Class QA root cert.
The other CA certs requested in this RFE have been completed.
So I'm marking this resolved/fixed.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: mozilla.org → NSS
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•