280744 - Add NetLock CA certificates to NSS

Status: VERIFIED FIXED

(NSS :: Libraries, enhancement, P3)

Description

[Frank Hecker]

Per my comments in bug 279728 I have approved NetLock to have its four CA
certificates (Qualified, Notary, Business, and Express) included in
Mozilla/Firefox/Thunderbird/etc. The CA certificates and trust bits are as
listed at <http://www.hecker.org/mozilla/ca-certificate-list>. (Basically the CA
certificates are approved for all purposes, except for Qualified which is
approved for S/MIME and object signing only.)

SHA-1 digests for the certs are as follows:

  Qualified (Class QA) CA:
    E1 BC B2 5F E6 25 47 F6 75 45 A8 77 2A 54 2B 55 F7 2D B3 AE

  Notary (Class A) CA:
    AC ED 5F 65 53 FD 25 CE 01 5F 1F 7A 48 3B 6A 74 9F 61 78 C6

  Business (Class B) CA:
    87 9F 4B EE 05 DF 98 58 3B E3 60 D6 33 E7 0D 3F FE 98 71 AF

  Express (Class C) CA:
    E3 92 51 2F 0A CF F5 05 DF F6 DE 06 7F 75 37 E1 65 EA 57 4B

Note that since bug 277797 is still outstanding, at present I am requesting only
addition of the Notary, Business, and Express CA certificates to NSS. Addition
of the Qualified CA certificate should be done once bug 277797 is resolved in a
manner that permits the Qualified certificate to be added.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

The certs and patch for this bug have been attached to bug 275576.

Comment 2

[Nelson Bolyard (seldom reads bugmail)]

Marking fixed.  See  bug 275576.

Comment 3

[Wan-Teh Chang]

Verified with NSS 3.10 Beta 3 that the NetLock Notary (Class A) CA,
Business (Class B) CA, and Express (Class C) CA are in the "Builtin
Object Token" with the following trust settings:
This certificate can identify web sites.
This certificate can identify mail users.
This certificate can identify software makers.

Mozilla/Firefox trunk nightly builds on 2005-04-13 or later will
have these root CA certs. The upcoming milestone releases are
Mozilla 1.8 Beta 2 and Firefox/Thunderbird 1.1 Alpha.