Closed Bug 168878 Opened 21 years ago Closed 21 years ago

IPSCA SSL certificate (root "IPS SERVIDORES") not trusted by Mozilla

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: rickstockton, Assigned: ssaux)

References

(
URL
)

Details

The home page of the company's SSL certificate product offerings is
http://certs.ipsca.com/. The URL above is the SSL test page. This root (IPS
SERVIDORES) has been accepted by Microsoft since 1999 (all IE5 and newer browsers). 

The company offers condolences for the "sadly" declining market share of
Netscape at the bottom of this home page. Is there any reason why we should not
trust this root CA? If no such reason exists, we should add them to our current
list.
As far as I understand, Certificate Authorities pay to be in Netscape product's 
built in list of CA's. 
It appears that this company is saving money and passing on the savings to those 
who want server certs, but are willing to accept the fact that they are not 
built-in to Netscape browsers.
To quote them - "Why should you pay 100$ or even 300$, when you can get the same 
product for 69$, for two years!" Their web page pretty much spells out their 
intentions.
The browser user's workaround is to "Remember this web site cert" when visiting 
secure web sites using server certs issued by this company.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Priority: -- → P3
Resolution: --- → INVALID
Version: unspecified → 2.4
Reopening for discussion. Comments from the reporter:
Is the 'Mozilla Community' 
_NOT_ free to include an AICPA Webtrust Certified vendor performing in 
compliance with all Standard CA practices?

And subsequently, is Netscape _NOT_ perfectly free to strip them back 
out of the NETSCAPE versions unless they pay for the priviledge of being 
kept (in the NETSCAPE software products)?

Netscape employs and therefore (somewhat) "donates" lots of Developers, 
Q/A analysts, and Designers to Mozilla. But I have a <problem> when a 
"Community" product implements reduced functionality in the "Community" 
version for the purpose of allowing a private company to shake down 
others for $$$ before "allowing" the correct functionality to be 
restored (in the "Open Community" software). This clearly sucks for 
everyone EXCEPT people who work for Netscape and people who own stock in 
the parent company. I understand that without these two groups of 
people, Mozilla wouldn't exist.

I opened this bug with the goal of assisting Mozilla to be the best 
browser. Do you feel that I should adjust to a more $$$-oriented view of 
this particular "Open Source Community", or is there a different concept 
which I'm not even being to the table?
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Still waiting for discussion. This is the opposite of bug 77014 - "Mozilla's CA 
Certificates list should be empty by default".
The reporter of this bug (168878) suggests that more CA's be added to Mozilla 
than appear in the Commercial product. Some problems and questions.
1.) Who would decide what new CA's get into Mozilla, by criteria or some kind 
of voting perhaps?
2.) Who would update the mozilla tree to allow this to happen?
3.) Who decides what CAs get into Netscape products now?
There is also a workaround for each individual user at seguro.ips.es. Visit 
http://certs.ipsca.com/companyIPSipsCA/Default.htm and trust the Root and 
Intermediate certs. That will add their CAs to the permanent DB.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Marking invalid. A representative from seguro.ips.es has been contacted about 
how to get the cert into Mozilla.
Status: NEW → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → INVALID
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.