Closed
Bug 168878
Opened 22 years ago
Closed 22 years ago
IPSCA SSL certificate (root "IPS SERVIDORES") not trusted by Mozilla
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: rickstockton, Assigned: ssaux)
References
()
Details
The home page of the company's SSL certificate product offerings is
http://certs.ipsca.com/. The URL above is the SSL test page. This root (IPS
SERVIDORES) has been accepted by Microsoft since 1999 (all IE5 and newer browsers).
The company offers condolences for the "sadly" declining market share of
Netscape at the bottom of this home page. Is there any reason why we should not
trust this root CA? If no such reason exists, we should add them to our current
list.
Comment 1•22 years ago
|
||
As far as I understand, Certificate Authorities pay to be in Netscape product's
built in list of CA's.
It appears that this company is saving money and passing on the savings to those
who want server certs, but are willing to accept the fact that they are not
built-in to Netscape browsers.
To quote them - "Why should you pay 100$ or even 300$, when you can get the same
product for 69$, for two years!" Their web page pretty much spells out their
intentions.
The browser user's workaround is to "Remember this web site cert" when visiting
secure web sites using server certs issued by this company.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Priority: -- → P3
Resolution: --- → INVALID
Version: unspecified → 2.4
Comment 2•22 years ago
|
||
Reopening for discussion. Comments from the reporter:
Is the 'Mozilla Community'
_NOT_ free to include an AICPA Webtrust Certified vendor performing in
compliance with all Standard CA practices?
And subsequently, is Netscape _NOT_ perfectly free to strip them back
out of the NETSCAPE versions unless they pay for the priviledge of being
kept (in the NETSCAPE software products)?
Netscape employs and therefore (somewhat) "donates" lots of Developers,
Q/A analysts, and Designers to Mozilla. But I have a <problem> when a
"Community" product implements reduced functionality in the "Community"
version for the purpose of allowing a private company to shake down
others for $$$ before "allowing" the correct functionality to be
restored (in the "Open Community" software). This clearly sucks for
everyone EXCEPT people who work for Netscape and people who own stock in
the parent company. I understand that without these two groups of
people, Mozilla wouldn't exist.
I opened this bug with the goal of assisting Mozilla to be the best
browser. Do you feel that I should adjust to a more $$$-oriented view of
this particular "Open Source Community", or is there a different concept
which I'm not even being to the table?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Comment 3•22 years ago
|
||
Still waiting for discussion. This is the opposite of bug 77014 - "Mozilla's CA
Certificates list should be empty by default".
The reporter of this bug (168878) suggests that more CA's be added to Mozilla
than appear in the Commercial product. Some problems and questions.
1.) Who would decide what new CA's get into Mozilla, by criteria or some kind
of voting perhaps?
2.) Who would update the mozilla tree to allow this to happen?
3.) Who decides what CAs get into Netscape products now?
There is also a workaround for each individual user at seguro.ips.es. Visit
http://certs.ipsca.com/companyIPSipsCA/Default.htm and trust the Root and
Intermediate certs. That will add their CAs to the permanent DB.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•22 years ago
|
||
Marking invalid. A representative from seguro.ips.es has been contacted about
how to get the cert into Mozilla.
Status: NEW → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → INVALID
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•