Per my comments in bug 279728 I have approved NetLock to have its four CA certificates (Qualified, Notary, Business, and Express) included in Mozilla/Firefox/Thunderbird/etc. The CA certificates and trust bits are as listed at <http://www.hecker.org/mozilla/ca-certificate-list>. (Basically the CA certificates are approved for all purposes, except for Qualified which is approved for S/MIME and object signing only.) SHA-1 digests for the certs are as follows: Qualified (Class QA) CA: E1 BC B2 5F E6 25 47 F6 75 45 A8 77 2A 54 2B 55 F7 2D B3 AE Notary (Class A) CA: AC ED 5F 65 53 FD 25 CE 01 5F 1F 7A 48 3B 6A 74 9F 61 78 C6 Business (Class B) CA: 87 9F 4B EE 05 DF 98 58 3B E3 60 D6 33 E7 0D 3F FE 98 71 AF Express (Class C) CA: E3 92 51 2F 0A CF F5 05 DF F6 DE 06 7F 75 37 E1 65 EA 57 4B Note that since bug 277797 is still outstanding, at present I am requesting only addition of the Notary, Business, and Express CA certificates to NSS. Addition of the Qualified CA certificate should be done once bug 277797 is resolved in a manner that permits the Qualified certificate to be added.

The certs and patch for this bug have been attached to bug 275576.

Marking fixed. See bug 275576.

Verified with NSS 3.10 Beta 3 that the NetLock Notary (Class A) CA, Business (Class B) CA, and Express (Class C) CA are in the "Builtin Object Token" with the following trust settings: This certificate can identify web sites. This certificate can identify mail users. This certificate can identify software makers. Mozilla/Firefox trunk nightly builds on 2005-04-13 or later will have these root CA certs. The upcoming milestone releases are Mozilla 1.8 Beta 2 and Firefox/Thunderbird 1.1 Alpha.