Closed Bug 168878 Opened 22 years ago Closed 22 years ago

IPSCA SSL certificate (root "IPS SERVIDORES") not trusted by Mozilla

Categories

(Core Graveyard :: Security: UI, defect, P3)

1.0 Branch
x86
All
defect

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: rickstockton, Assigned: ssaux)

References

()

Details

The home page of the company's SSL certificate product offerings is http://certs.ipsca.com/. The URL above is the SSL test page. This root (IPS SERVIDORES) has been accepted by Microsoft since 1999 (all IE5 and newer browsers). The company offers condolences for the "sadly" declining market share of Netscape at the bottom of this home page. Is there any reason why we should not trust this root CA? If no such reason exists, we should add them to our current list.
As far as I understand, Certificate Authorities pay to be in Netscape product's built in list of CA's. It appears that this company is saving money and passing on the savings to those who want server certs, but are willing to accept the fact that they are not built-in to Netscape browsers. To quote them - "Why should you pay 100$ or even 300$, when you can get the same product for 69$, for two years!" Their web page pretty much spells out their intentions. The browser user's workaround is to "Remember this web site cert" when visiting secure web sites using server certs issued by this company.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Priority: -- → P3
Resolution: --- → INVALID
Version: unspecified → 2.4
Reopening for discussion. Comments from the reporter: Is the 'Mozilla Community' _NOT_ free to include an AICPA Webtrust Certified vendor performing in compliance with all Standard CA practices? And subsequently, is Netscape _NOT_ perfectly free to strip them back out of the NETSCAPE versions unless they pay for the priviledge of being kept (in the NETSCAPE software products)? Netscape employs and therefore (somewhat) "donates" lots of Developers, Q/A analysts, and Designers to Mozilla. But I have a <problem> when a "Community" product implements reduced functionality in the "Community" version for the purpose of allowing a private company to shake down others for $$$ before "allowing" the correct functionality to be restored (in the "Open Community" software). This clearly sucks for everyone EXCEPT people who work for Netscape and people who own stock in the parent company. I understand that without these two groups of people, Mozilla wouldn't exist. I opened this bug with the goal of assisting Mozilla to be the best browser. Do you feel that I should adjust to a more $$$-oriented view of this particular "Open Source Community", or is there a different concept which I'm not even being to the table?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Still waiting for discussion. This is the opposite of bug 77014 - "Mozilla's CA Certificates list should be empty by default". The reporter of this bug (168878) suggests that more CA's be added to Mozilla than appear in the Commercial product. Some problems and questions. 1.) Who would decide what new CA's get into Mozilla, by criteria or some kind of voting perhaps? 2.) Who would update the mozilla tree to allow this to happen? 3.) Who decides what CAs get into Netscape products now? There is also a workaround for each individual user at seguro.ips.es. Visit http://certs.ipsca.com/companyIPSipsCA/Default.htm and trust the Root and Intermediate certs. That will add their CAs to the permanent DB.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Marking invalid. A representative from seguro.ips.es has been contacted about how to get the cert into Mozilla.
Status: NEW → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → INVALID
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.