IPSCA SSL certificate (root "IPS SERVIDORES") not trusted by Mozilla

VERIFIED INVALID

Status

P3
normal
VERIFIED INVALID
17 years ago
2 years ago

People

(Reporter: rickstockton, Assigned: ssaux)

Tracking

1.0 Branch
x86
All

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

17 years ago
The home page of the company's SSL certificate product offerings is
http://certs.ipsca.com/. The URL above is the SSL test page. This root (IPS
SERVIDORES) has been accepted by Microsoft since 1999 (all IE5 and newer browsers). 

The company offers condolences for the "sadly" declining market share of
Netscape at the bottom of this home page. Is there any reason why we should not
trust this root CA? If no such reason exists, we should add them to our current
list.

Comment 1

17 years ago
As far as I understand, Certificate Authorities pay to be in Netscape product's 
built in list of CA's. 
It appears that this company is saving money and passing on the savings to those 
who want server certs, but are willing to accept the fact that they are not 
built-in to Netscape browsers.
To quote them - "Why should you pay 100$ or even 300$, when you can get the same 
product for 69$, for two years!" Their web page pretty much spells out their 
intentions.
The browser user's workaround is to "Remember this web site cert" when visiting 
secure web sites using server certs issued by this company.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Priority: -- → P3
Resolution: --- → INVALID
Version: unspecified → 2.4

Comment 2

17 years ago
Reopening for discussion. Comments from the reporter:
Is the 'Mozilla Community' 
_NOT_ free to include an AICPA Webtrust Certified vendor performing in 
compliance with all Standard CA practices?

And subsequently, is Netscape _NOT_ perfectly free to strip them back 
out of the NETSCAPE versions unless they pay for the priviledge of being 
kept (in the NETSCAPE software products)?

Netscape employs and therefore (somewhat) "donates" lots of Developers, 
Q/A analysts, and Designers to Mozilla. But I have a <problem> when a 
"Community" product implements reduced functionality in the "Community" 
version for the purpose of allowing a private company to shake down 
others for $$$ before "allowing" the correct functionality to be 
restored (in the "Open Community" software). This clearly sucks for 
everyone EXCEPT people who work for Netscape and people who own stock in 
the parent company. I understand that without these two groups of 
people, Mozilla wouldn't exist.

I opened this bug with the goal of assisting Mozilla to be the best 
browser. Do you feel that I should adjust to a more $$$-oriented view of 
this particular "Open Source Community", or is there a different concept 
which I'm not even being to the table?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

Comment 3

17 years ago
Still waiting for discussion. This is the opposite of bug 77014 - "Mozilla's CA 
Certificates list should be empty by default".
The reporter of this bug (168878) suggests that more CA's be added to Mozilla 
than appear in the Commercial product. Some problems and questions.
1.) Who would decide what new CA's get into Mozilla, by criteria or some kind 
of voting perhaps?
2.) Who would update the mozilla tree to allow this to happen?
3.) Who decides what CAs get into Netscape products now?
There is also a workaround for each individual user at seguro.ips.es. Visit 
http://certs.ipsca.com/companyIPSipsCA/Default.htm and trust the Root and 
Intermediate certs. That will add their CAs to the permanent DB.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 4

17 years ago
Marking invalid. A representative from seguro.ips.es has been contacted about 
how to get the cert into Mozilla.
Status: NEW → RESOLVED
Last Resolved: 17 years ago17 years ago
Resolution: --- → INVALID

Comment 5

17 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

11 years ago
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.