Open Bug 1023726 Opened 6 years ago Updated 1 year ago

LAWtrust Root CA certificate inclusion in NSS

Categories

(NSS :: CA Certificate Root Program, task)

task
Not set

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: nielvg, Assigned: katekani)

References

Details

(Whiteboard: [ca-verifying])

Attachments

(4 files, 1 obsolete file)

146.43 KB, application/pdf
Details
199.43 KB, application/pdf
Details
2.60 KB, text/plain
Details
2.77 KB, application/x-x509-ca-cert
Details
LAWtrust would like to submit a request for the inclusion of their LAWtrust Root Certification Authority 2048 certificate in the NSS.
Severity: normal → critical
Assignee: nobody → kwilson
Product: NSS → mozilla.org
Version: 3.0 → other
Duplicate of this bug: 1104686
I wasn't notified about this bug, because it was in the wrong Component.

I will begin the Information Verification phase, and update this bug soon.
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
The attached document summarizes the information that has been verified.

Please search the document for "Need Response" and "Need Clarification" to find the parts where information and clarification is still needed.

Please review the full document for accuracy and completeness, and provide the necessary information in this bug.
Whiteboard: Information incomplete
Attached file Bugzilla 1023726.pdf
Attached is the response to the notes made in the bug 1023726
Attachment #8438194 - Attachment is obsolete: true
According to my notes...

This root currently has two internally-operated intermediate certificates:
1) LAWtrust Certification Authority 2048
2) LAWtrust AeSign Certification Authority 2048

The Root CA CPS only addresses subordinate CA certificates, so there will therefore be no mention of end-user certificates other than subordinate CA certificates. The CPS for the subordinate CAs chained into the LAWtrust root CA, will stipulate the rules in question, for example the AESign CPS in the LAWtrust repository.

On https://www.lawtrust.co.za/repository/ I found the documents for "LAWtrust AeSign Certification Authority 2048"
AeSign CPS: https://www.lawtrust.co.za/wp-content/uploads/LT_ISP_IS_AES_CPS_001-18-12-2013_signed.pdf
AeSign Charter:
https://www.lawtrust.co.za/wp-content/uploads/LAWtrust-AES-Charter_002-05-12-2014.pdf 

However, I have not been able to find the documents for "LAWtrust Certification Authority 2048". Please provide the URLs.

Also...
In AeSign CPS section 3.2.4: "In cases where the LAWtrust AeSign Certificate will be used for digitally signing and/or encrypting eMail the LAWtrust AeSign RA shall establish reasonable proof that the person submitting the certificate request controls the eMail account associated with the eMail address referenced in the LAWtrust AeSign Certificate."

Where is it documented HOW this is done?
Please see https://wiki.mozilla.org/CA:Recommended_Practices#Verifying_Email_Address_Control
Why is this bug report marked with Severity = Critical?
Severity: critical → enhancement
Attached file EndEntity-test123.cert
Attached file Intermediate.cert
Attachment #8611348 - Attachment mime type: application/x-x509-ca-cert → text/plain
Assignee: kwilson → frlee
Please note that nielvg is no longer driving this process.

Please forward all future responses to rian@lawtrust.co.za and bruce@lawtrust.co.za
Flags: needinfo?(frlee)
hi Rian,

thanks for informing. could you please double check if bruce has created a bugzilla account?

thank you very much
Flags: needinfo?(frlee)
Assignee: frlee → awu
Whiteboard: Information incomplete → [ca-verification]
Hi

I am not associated with LAWtrust and this request anymore. I have requested LAWtrust numerous times to remove me from the communications without success. Please remove me from any communication relating to this request. If you cannot remove me as the requester then please close this bug.

Kind regards
Niel van Greunen
(In reply to Niel van Greunen from comment #11)

My apologies. I do not know how to change the reporter of a Bugzilla Bug so that you will stop getting notifications. I have filed Bug #1345170 to get help on this.
Niel,
It looks like the best way for you to stop getting email about this bug is as follows:
1) Click the 'Edit' button at the top of this Bug's window
2) Check the box 'Never email me about this bug' at the bottom of the window (only appears in Edit mode)
3) Click the 'Save Changes' button at the bottom of the window
Whiteboard: [ca-verification] → [ca-verifying]
Product: mozilla.org → NSS
Bulk reassign, see https://bugzilla.mozilla.org/show_bug.cgi?id=1430324
Assignee: awu → kwilson

Good day

We would like to continue with this process of getting our Root into Mozilla. I am now the assigned resource to deal with all the questions and updates to this bug.

Kindly assign me as the owner of the bug.

Many thanks and kind regards

Assignee: kwilson → katekani
QA Contact: kwilson

The information for this root inclusion request is here:

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000054

Katekani, you may directly update the information via the CCADB here:

https://ccadb.force.com/500o0000002EqPq

Please send me email if you have any questions or problems updating the Case and Root Case directly in the CCADB.

Add another comment to this Bugzilla Bug when the information in the Case and Root Case has been updated and is ready for me to review.

More information, and and example is available here:
https://wiki.mozilla.org/CA/Information_Checklist

You need to log in before you can comment on or make changes to this bug.