Closed Bug 370515 Opened 17 years ago Closed 17 years ago

SITHS CAroot certificate inclusion

Categories

(CA Program :: CA Certificate Root Program, task, P2)

Product:
CA Program
Component:
CA Certificate Root Program
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: fredrik.linden, Assigned: gerv)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Build Identifier: 2.0.0.1

SITHS translated freely into, "Secure IT for Healthcare in Sweden", is the CA for the Swedish Healthcare sector, this will be used by approximately 230.000 employees and we would like to have it included "out of the box". There will also probably be future solutions which address all of Sweden´s inhabitants 9.000.000. The solution is delivered today by Teliasonera Sweden´s largest Telco and the services contract is owned by us Carelink AB. 

Reproducible: Always

Steps to Reproduce:
1.
2.
3.



I would be glad to send you our Certificate Policy & CPS. They are in Swedish though. You will find them at 
http://www.carelink.se/tjanster/siths/siths_dokumentation/

The "SITHS Rootcertifikat v3" Certificate can be found at
http://www.carelink.se/tjanster/siths/siths_rotcertifikat/

Best Regards

Fredrik Lindén
+46 706853041
Fredrik: do you issue certificates to the general public, or only within the Swedish government healthcare system?

Our cert inclusion policy
http://www.mozilla.org/projects/security/certs/policy/
says:

"We require that all CAs whose certificates are distributed with our software products provide some service relevant to typical users of our software products."

Gerv
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Gervase We issue "only" to people within the Swedish Government Healthcare System but that is approximately 240 000 people. The certificate is a secondary certificate though to the "National eID" delivered by Teliasonera. Your product is  used in the Public Healthcare sector which I believe could to be considered a typical user in Sweden atleast. We want to do this not only for our own sake to avoid the distribution issue but also to increase the use of Firefox in Sweden even further.
(In reply to comment #2)
> The certificate is a secondary
> certificate though to the "National eID" delivered by Teliasonera. 

You mean your certificate is not a root certificate, but is signed by a certificate from Teliasonera? Would it not be more appropriate to include that certificate instead?

Gerv

Hi Gervase I have asked Teliasonera to check their view on this. I think that you have Sonera´s root certifiate built in already.  Telia and Sonera merged a couple of years ago and maybe these are linked.

best regards

Fredrik
Fredrik: We don't include intermediate certificates in our store. You need to find out what your root certificate is and, if it's not already included, persuade its owner to apply for inclusion.

Gerv

Hi Gervase I have checked with Teliasonera and it is a Root certificate and not an intermediate to Teliasonera.

Another function is that it will be used towards the public for services so we are talking about approximately 9.000.000 possible users/patients.

So we would very muck like to continue this work.

Best regards

Fredrik Lindén
In which case, I can tell you that I will need the following data for each request. If some of this data is missing, the request cannot proceed. Even if all of it is already present somewhere in the bug or the materials provided, it will speed up your application if you provide it again. This means I can make everyone happier, quicker :-)

Please give data in the following format, as a *plain text comment* in this bug. This will help me do whatever evaluation is necessary, and then will be part of a public record describing the Mozilla default root certificates.

CA Details
----------

CA Name:
Website:
One Paragraph Summary of CA, including the following:
 - General nature (e.g., commercial, government, academic/research, nonprofit)
 - Primary geographical area(s) served
 - Number and type of subordinate CAs
Audit Type (WebTrust, ETSI etc.):
Auditor:
Auditor Website:
Audit Document URL(s):
  
Certificate Details
-------------------
(To be completed once for each certificate)
  
Certificate Name:
Summary Paragraph, including the following:
 - End entity certificate issuance policy, i.e. what you plan to do with the 
   root
Certificate HTTP URL (on CA website):
Version:
SHA1 Fingerprint:
MD5 Fingerprint:
Modulus Length (a.k.a. "key length"):
Valid From (YYYY-MM-DD):
Valid To (YYYY-MM-DD):
CRL HTTP URL:
OCSP URL:
Class (domain-validated, identity/organisationally-validated or EV):
Certificate Policy URL:
CPS URL:
Requested Trust Indicators (email and/or SSL and/or code):

Thanks for your help in this matter. :-)

Gerv
Fredrik: It's been over a month. Are you able to provide the requested information?

Thanks,

Gerv
Reassign all open CA bugs to me. Apologies for the bugspam.

Gerv
Assignee: hecker → gerv
No response from requester; resolving INCOMPLETE. Please reopen the bug if/when information is available.

Gerv
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.