Closed Bug 590593 Opened 14 years ago Closed 8 years ago

Add Collier Technologies LLC CA root certificate

Categories

(CA Program :: CA Certificate Root Program, task)

x86_64
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: cjac, Assigned: kwilson)

References

()

Details

(Whiteboard: Information incomplete)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100720 Iceweasel/3.5.10 (like Firefox/3.5.10)
Build Identifier: 

We expect to have the required documents gathered and published by 1-1-2011.  Please consider this bug a request for comments.

Reproducible: Always

Steps to Reproduce:
$ ls /etc/ssl/certs/ | grep Collier | wc -l




Expected Results:  
1


I am also discussing inclusion with Microsoft's access & security team, Google's infrastructure team and debian's package maintainers.
For information about Mozilla's root inclusion process and timeline, see https://wiki.mozilla.org/CA:How_to_apply 

Please provide the information listed here:
https://wiki.mozilla.org/CA:Information_checklist

Please also see the following:
http://www.mozilla.org/projects/security/certs/policy/
https://wiki.mozilla.org/CA:Recommended_Practices
https://wiki.mozilla.org/CA:Problematic_Practices
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
CA Name: Collier Technologies LLC
URL: http://www.colliertech.org/
Type: Washington State Limited Liability Company
Market: IPSec, https/SSL, Personal Identity Verification

(more as time permits)
Summary: Application for inclusion of Collier Technologies LLC CA: 1-1-11 → Add Collier Technologies LLC CA root certificate
Whiteboard: Information incomplete
I've spoken with an auditor (Moss Adams) about reviewing my IT.  They have not gotten back to me with an estimate yet.

Today I contacted one of the WA State Licensed CAs about issuing Collier Technologies a certificate as required by 434-180-200 WAC
CRL:

http://www.colliertech.org/state/19.34_RCW/CRL/

I checked with Moss Adams.  They assure me that they are still looking into my request.  Quis custodiet ipsos custodes?  I hope they don't plan on charging me for learning debian.
Is this request still valid?
Still working on it.  Sorry it's taking so long.  Moss Adams hasn't been very proactive, but I have also not acquired a suitable guarantee (434-180-225 WAC) or come up with the $1400 for the application fee (434-180-130 WAC).

http://www.colliertech.org/state/19.34_RCW/Operative_Personnel_Certification_2010_p2-lowres.png

http://apps.leg.wa.gov/WAC/default.aspx?cite=434-180-200
I've scheduled a meeting with Coalfire Systems here in Seattle on the 10th.

I'll update the ticket as more information becomes available.
We got a bid from Coalfire Systems.  It looks like it will be about $10K to have the audit performed.  We are now setting aside some capital for the expense.
Please note that Mozilla's CA Certificate Maintenance Policy requires an annual audit.

http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html
"4. We require that all CAs whose certificates are distributed with our software products provide us an updated statement annually of attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties, as outlined in this policy. ..."

Also please note in Mozilla's CA Certificate Inclusion Policy:
http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html
"6. We require that all CAs whose certificates are distributed with our software products:
- provide some service relevant to typical users of our software products;"

Rather than applying to get your root certificate included in Mozilla products, have you thought about contacting one of the CAs who already have a root certificate included?
This is also a requirement of the State of Washington's Electronic Authentication Act (19.34 RCW).  We will forward the audit report to Mozilla at the same time we forward it to the Secretary of State.

http://apps.leg.wa.gov/wac/default.aspx?cite=434-180-240

We have considered applying to get the certificate included by a third party CA, but would instead prefer to be recognized as a trust anchor.

Thank you for reviewing this bug.  Mozilla's attention to detail is one of the reasons we are requesting recognition from you rather than a third party.
currently working with the folks at tycho.nsa.gov to bring our distribution (Debian) into compliance with common criteria requirements.
When you are ready to proceed, please update this bug to provide the information listed here: https://wiki.mozilla.org/CA:Information_checklist
There's no update from CA for more than 1.5 year. Closing this bug for now as Won't fix.
If CA ever provide further information, this bug will be re-opened.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.