Add Certigna certificates to Mozilla root CA list

RESOLVED FIXED

People

(Reporter: y.leplard, Assigned: kwilson)

Details

(Whiteboard: Approved)

Attachments

(7 attachments, 1 obsolete attachment)

Reporter

Description

12 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; fr; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Build Identifier: 

The certificates are:
Certigna ROOT authority certificate
Certigna SSL secondary authority certificate
Certigna ID secondary authority certificate
and optionally Certigna Chiffrement secondary authority certificate
You can find them at the address:
http://www.certigna.fr/chaine_certification.php

Certificate policies are on this page.

The CAs are compliant with ETSI-102042: we obtained a TS-102042 certification on August 20th in France.

Reproducible: Always




Certigna ROOT is the root for Certigna SSL, Certigna ID, Certigna Chiffrement.
Certigna SSL is for SSL-enabled servers
Certigna ID is for authentication and digitally-signed email
Certigna Chiffrement is for encrypted emails
 
If you need more information you can contact us (Yannick LEPLARD or Arnauld DUBOIS):
- DHIMYOTIS, 20 allée de la raperie 59493 Villeneuve d'Ascq
- email : y.leplard@dhimyotis.com
- +(33)320 792 409

Best Regards,

  Y. LEPLARD
Please fill out the following form, and place the result as a plain text comment in this bug:

CA Details
----------

CA Name:
Website:
One Paragraph Summary of CA, including the following:
 - General nature (e.g., commercial, government, 
                   academic/research, nonprofit)
 - Primary geographical area(s) served
 - Number and type of subordinate CAs
Audit Type (WebTrust, ETSI etc.):
Auditor:
Auditor Website:
Audit Document URL(s):
URL of certificate hierarchy diagram:

Certificate Details
-------------------
(To be completed once for each certificate; note that we only include root
certificates in the store, not intermediates.)
  
Certificate Name:
Summary Paragraph, including the following:
 - End entity certificate issuance policy, 
   i.e. what you plan to do with the root
Certificate HTTP URL (on CA website):
Version:
SHA1 Fingerprint:
Modulus Length (a.k.a. "key length"):
Valid From (YYYY-MM-DD):
Valid To (YYYY-MM-DD):
CRL HTTP URL:
CRL issuing frequency for end-entity certificates:
OCSP URL:
Class (domain-validated, identity/organisationally-validated or EV):
Certificate Policy URL:
CPS URL:
Requested Trust Indicators (email and/or SSL and/or code):
URL of website using certificate chained to this root (if applying for SSL):

Many thanks,

Gerv
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Request for certificates to be added to the default set → Add Certigna certificates to NSS root store
Reporter

Comment 2

12 years ago
CA Name: Certigna
Website: http://www.certigna.fr


One Paragraph Summary of CA, including the following:
 - CERTIGNA is a commercial CA
 - CERTIGNA is a French CA for the European market at the beginning, and we expect to serve other countries soon (India, USA, South America ...)
 - 3 subordinate CAs: Certigna ID (authentication and signing CA, is TS-102042 compliant), Certigna SSL (SSL CA, is TS-102042 compliant), Certigna Chiffrement (encryption CA, is the complement of Certigna ID)
Audit Type (WebTrust, ETSI etc.): ETSI TS-102042
Auditor: LSTI
Auditor Website: http://www.lsti.fr
Audit Document URL(s):  see http://www.lsti.fr
URL of certificate hierarchy diagram: http://www.certigna.fr/chaine_certification.php

1. Certificate Details
-------------------

Certificate Name: Certigna SSL
Summary Paragraph, including the following: SSL certificate, for verification of web sites
Certificate HTTP URL (on CA website): http://www.certigna.fr/chaine_certification.php
Version: X509v3
SHA1 Fingerprint: 08 D9 2B 6E 2E 81 C0 B4 C7 A7 9C 44 84 8A 71 20 02 EB 94 DF
Modulus Length (a.k.a. "key length"): 2048
Valid From (YYYY-MM-DD): 2007-07-03
Valid To (YYYY-MM-DD): 2017-07-03
CRL HTTP URL: http://www.certigna.fr/crl/certignassl.crl and http://www.dhimyotis.com/crl/certignassl.crl
CRL issuing frequency for end-entity certificates: after a certificate's revocation, or every 72 hours.
OCSP URL: http://ocsp.certigna.fr/certignassl
Class (domain-validated, identity/organisationally-validated or EV): identity/organisationally-validated
Certificate Policy URL: http://www.certigna.fr/chaine_certification.php
CPS URL: not public. see http://www.certigna.fr/chaine_certification.php
Requested Trust Indicators (email and/or SSL and/or code): SSL
URL of website using certificate chained to this root (if applying for SSL): https://www.certigna.fr


2. Certificate Details
-------------------

Certificate Name: Certigna ID
Summary Paragraph, including the following: authentication and electronic signing of mails and documents
Certificate HTTP URL (on CA website): http://www.certigna.fr/chaine_certification.php
Version: X509v3
SHA1 Fingerprint: 75 19 EC 92 9A E4 A0 2D 90 68 F9 71 92 F9 73 45 56 A9 69 47
Modulus Length (a.k.a. "key length"): 2048
Valid From (YYYY-MM-DD): 2007-07-03
Valid To (YYYY-MM-DD): 2017-07-03
CRL HTTP URL: http://www.certigna.fr/crl/certignaid.crl and http://www.dhimyotis.com/crl/certignaid.crl
CRL issuing frequency for end-entity certificates: after a certificate's revocation, or every 72 hours.
OCSP URL: http://ocsp.certigna.fr/certignaid
Class (domain-validated, identity/organisationally-validated or EV): identity/organisationally-validated
Certificate Policy URL: http://www.certigna.fr/chaine_certification.php
CPS URL: not public. see http://www.certigna.fr/chaine_certification.php
Requested Trust Indicators (email and/or SSL and/or code): email and SSL and code
URL of website using certificate chained to this root (if applying for SSL):  -
Mr. Leplard,

We only include root certificates, not intermediates. Please can you provide a similar set of information for your root certificate, and we will consider it for inclusion.

Gerv  
Status: NEW → ASSIGNED
Priority: -- → P2
Reporter

Comment 4

12 years ago
OK. Here is the information for the root Certigna.
Best regards,
  Y. LEPLARD

Certificate Details for Certigna root
-------------------

Certificate Name: Certigna
Summary Paragraph, including the following: authentication and electronic signing of mails and documents
Certificate HTTP URL (on CA website): http://www.certigna.fr/chaine_certification.php
Version: X509v3
SHA1 Fingerprint: B1 2E 13 63 45 86 A4 6F 1A B2 60 68 37 58 2D C4 AC FD 94 97
Modulus Length (a.k.a. "key length"): 2048
Valid From (YYYY-MM-DD): 2007-06-29
Valid To (YYYY-MM-DD): 2027-06-29
CRL HTTP URL: -
CRL issuing frequency for end-entity certificates: after a certificate's revocation, or every 72 hours for Certigna SSL and Certigna ID 
( for the LAR = after a certificate's revocation, or every 365 days )
OCSP URL: -
Class (domain-validated, identity/organisationally-validated or EV): identity/organisationally-validated
Certificate Policy URL: http://www.certigna.fr/chaine_certification.php
CPS URL: not public. see http://www.certigna.fr/chaine_certification.php
Requested Trust Indicators (email and/or SSL and/or code): SSL CA, S/MIME CA, Object Signing CA
URL of website using certificate chained to this root (if applying for SSL):  https://www.certigna.fr
Reporter

Comment 5

12 years ago
Dear Mr Markham,

Any news about the process of inclusion?
Do you have all the information you need?

Best regards,

Yannick LEPLARD
Mr Leplard,

I have handed over responsibility for CA certs to Frank Hecker, who should be in touch soon.

Gerv
Reporter

Comment 7

12 years ago
Mr Hecker,

Did you find time to have a look at our request?
Do you need more information?

Some news about our root CA Certigna: we were accepted in the Microsoft root CA program last week (and Certigna should be added to the store in February 2008).
The process is in progress with Apple.

Best regards,

  Yannick Leplard
Reporter

Comment 8

12 years ago
Mr Hecker,

it's okay with Apple's root CA program. Certigna will be added to the keychain in 6 weeks.

Any news about our request? Many of our customers are Firefox users.

Best Regards,

    Yannick LEPLARD
Reassigning all open CA certificate inclusion request bugs to Frank Hecker, who is currently running the root program.

Gerv
Assignee: gerv → hecker
Status: ASSIGNED → NEW

Comment 10

11 years ago
Assigning this bug to myself. Right now I am prioritizing work on bugs related to CAs issuing Extended Validation certificates; I will look at this bug after I finish processing those other bugs.
Status: NEW → ASSIGNED
Reporter

Comment 11

11 years ago
Mr Hecker,

I'm back to you to get information about our request for Certigna root.

Some information about Certigna:
- the Microsoft root certificates update is now effective in both Windows Vista and Windows XP.
- we are in the final stage for the PRIS certification ( a French government standard )

Best regards,

Yannick Leplard

Comment 12

11 years ago
Assigning to Kathleen Wilson to do information gathering for this request. This is the first step in considering this request and potentially approving it. The whole process might take 2-3 months.
Assignee: hecker → kathleen95014
Status: ASSIGNED → NEW
Assignee

Comment 13

11 years ago
As per Frank’s note, I have been asked to do the information gathering and verification for this request. Attached is the initial information-gathering document which summarizes the information that has been gathered. Within the document I have highlighted in yellow the information that is still needed, and I will summarize below.

1) When I add this entry to the pending list (http://www.mozilla.org/projects/security/certs/pending/), should I enter “Certigna of Dhimyotis” for the company name? For the company url should I use http://www.dhimyotis.com or http://www.certigna.fr ?

2) I am supposed to review the CP/CPS to ensure that procedures are in place to do the following. Would you please translate the relevant text from the latest CP or CPS into English?
a) For SSL, verify that the domain referenced in the certificate is owned/controlled by the certificate subscriber. 
b) Verify the email account associated with the email address in the cert is owned by the subscriber, in addition to verification of subscriber’s legal identity.
c) Verify identity information in code signing certificates is that of subscriber
d) Make sure it’s clear which checks are done for which context (cert usage)
We are looking for text that describes exactly what information is verified, and how the information is verified.

3) Please provide the translated text from the CP/CPS that states that the identity and organization of the certificate subscriber are validated.

4) I’m supposed to review the CP/CPS for potentially problematic practices, as per http://wiki.mozilla.org/CA:Problematic_Practices. Would you please comment as to whether any of these are relevant. If relevant, please provide further info:
•     Long-Lived Domain-Validated SSL certs 
•     Wildcard DV SSL certs
•     Issuing end entity certs directly from root rather than using an offline root and issuing certs through a subordinate CA
•     Allowing external entities to operate subordinate CAs – in this case need to demonstrate that the external entities are required to follow the CPS and are audited as such.

Thanks,
Kathleen
Reporter

Comment 14

11 years ago
1) "Certigna of Dhimyotis" is all right for the company name in the pending list.
( Dhimyotis is the name of the company and Certigna is the brand for our certificates. )
For the company url we would like http://www.certigna.fr 

2) 3) 4) I will provide you the information as soon as possible.

Best regards

  Yannick
Reporter

Comment 15

11 years ago
2) 
a) CERTIGNA SSL CP and CPS
"Chapter 3.2.3. Identity validation
….
The certificate request file sent to the RA must include :
•	…
•	Proof of possession by the organization of domain name corresponding to the FQDN"

b) CERTIGNA ID CP and CPS
"Chapter 3.2.3. Identity validation
...
The certificate request file sent to the RA must include :
•	The Certigna ID certificate request form, available on Certigna Web site, fully filled and signed by the subscriber. It includes :
o	Acceptance of terms and conditions
o	First and last name to be included in certificate
o	Subscriber information (name, address, e-mail)
o	Copy of a valid identity document when recording the subscriber
In some cases, the request file must include :
If the subscriber belongs to an organization :
•	Proof of attachment to this organization
•	Authorized representative of the organization information (name, organization, address, phone, e-mail), whose name is mentioned in the certificate request form
•	Copy of a valid official document when recording the request, including the SIREN number (DUNS equivalent for France), or by default another valid document proving unique identity of the organization."

c) no code signing certificates.

d)  CERTIGNA ID CP and CPS
"1.4. Certificates usage
1.4.1. Certificate usage applicability
It is expressly agreed that the certificate owner can use his/her certificate only in purposes of authentication and signature. In the specific cases of financial transactions signature, these transactions are guaranteed for a maximal 10000 €  amount. All other uses are made under the only responsibility of the certificate owner.
...
1.4.2. Prohibited domains of use
Key pairs and certificates  usage restrictions are described in chapter  4.5 below.
...
4.5. Key pairs and certificates usage
4.5.1. Private key and certificate owner usage
Use of the private key and the certificate is restricted to authentication and signature services.  Owners must strictly conform to this usage. Their responsibility can be engaged in case of non respect.
Permitted use of key pair and corresponding certificate is mentioned in the certificate itself, in the Key Usage extension which specifies nonRepudiation and digitalSignature values.

4.5.2. User public key and certificate usage
Certificate users must strictly conform to permitted usages.  Their responsibility can be engaged in case of non respect."

3) This point has been exposed in b). As a reminder:

"In some cases, the request file must include :
If the subscriber belongs to an organization :
•	Proof of attachment to this organization
•	Authorized representative of the organization information (name, organization, address, phone, e-mail), whose name is mentioned in the certificate request form
•	Copy of a valid official document when recording the request, including the SIREN number (DUNS equivalent for France), or by default another valid document proving unique identity of the organization."


4) We don't have potentially problematic practices as per http://wiki.mozilla.org/CA:Problematic_Practices. 


Best regards,

  Yannick
Assignee

Comment 16

11 years ago
Hi Yannick,

Thank you for the information. I need to make sure a couple of items are crystal clear before we can move on to the discussion phase. I apologize if this seems redundant.

#2a: Does the RA do anything to verify the proof-of-possession information provided for the domain name? Is this a documented practice/policy for the RA?

#2b: Does the RA do anything to verify that the email address provided is indeed owned/controlled by the subscriber? Is this a documented practice/policy for the RA?

#2c: Since there are no code signing certificates, can I change the requested trust bits to not include code signing?

Thanks,
Kathleen
Reporter

Comment 17

11 years ago
Hi Kathleen,

#2a : Yes, we verify the information in whois registries.
This is documented in an internal document.

#2b : Yes.
- There is a registration form with the email address signed and dispatched to us by the subscriber.
- We verify that the CSR contains the same address as the one in the form
- We send the certificate to the subscriber by mail (to the e-mail address of the form).
This is documented in an internal document.

#2c : No, because we have planned to make code signing certificates in the near future.
If the need arises our CP/ CPS will have text about : "Verify identity information in code signing certificates is that of subscriber"

Best regards,
Yannick
Assignee

Comment 18

11 years ago
Attaching the completed information gathering document which summarizes the info that has been gathered and verified.
Assignee

Comment 19

11 years ago
The Information Gathering phase of this request is complete.

Assigning to Frank, so he can proceed with the public discussion phase.

Thanks,
Kathleen
Assignee: kathleen95014 → hecker
Assignee

Updated

11 years ago
Status: NEW → ASSIGNED
Whiteboard: Information confirmed complete
Reporter

Comment 20

11 years ago
Hi,

For more than three weeks Certigna has been in the Pending Certificate List with the state "Information confirmed complete".

How long is the process - if it's ok - to get the state "Public discussion/inclusion", 
and before the inclusion ?

Best regards,

  Yannick
Assignee

Comment 21

11 years ago
I do not yet know when this request will be scheduled for public discussion.
However, there has been a renewed interest in working through the backlog of CA
requests.

We have noticed that due to the backlog of CA requests, some of the audit
documents have become outdated.

Do you happen to have an updated audit document?

Thanks,
Kathleen
Reporter

Comment 22

11 years ago
Yes, we have updated audit documents.

The surveillance audit was done in July 2008,
and it's ok.

You can call the auditor of LSTI ( Mr Bouchet +33 1 30 61 50 60 )

Best regards,

  Yannick
Reporter

Comment 23

11 years ago
Did you contact LSTI? Is it ok for the audit documents?

Best Regards,

  Yannick
Assignee

Comment 24

11 years ago
Yes, I did contact LSTI via their website, and received the following email:
---
Sent: Tuesday, October 14, 2008 10:42:17 AM
Subject: certigna certification

Dear Madam,

I confirm, as CEO of LSTI, that Dhimyotis has been audited in July
2008 and that their ETSI 102042 certificate is maintained for the
certigna certificate.

Don't hesitate to call us for further information
Best regards

Armelle Trotin
Directrice LSTI
Organisme certificateur
---

I also asked if they can provide a link to the latest audit info, but no further reply. Perhaps you can provide a link to the latest audit statement?

Thanks,
Kathleen
Reporter

Comment 25

11 years ago
I am sending you the audit report by email.
It's not a public document.

Best regards, 

  yannick
Assignee

Comment 26

11 years ago
A public statement of compliance with ETSI 102.042 has been provided by their 2008 auditor and posted on Certigna's website:
http://www.certigna.fr/downloads/attestation_lsti.pdf

I have independently verified this information with the auditor, and have updated the pending list with the new audit info:
http://www.mozilla.org/projects/security/certs/pending/

Kathleen
Reporter

Comment 27

11 years ago
The entire team of Dhimyotis wishes you a great year 2009.

Is anything ok with Certigna?

  Yannick
Assignee

Comment 28

11 years ago
Converting from msword format to pdf.

I plan to put this request into public discussion next week as per the queue shown at https://wiki.mozilla.org/CA:Schedule
Attachment #335057 - Attachment is obsolete: true
Assignee

Comment 29

11 years ago
I am now opening the first public discussion period for this request from Certigna to add the Certigna CA root certificate to Mozilla.

Public discussion will be in the mozilla.dev.tech.crypto newsgroup and the
corresponding dev-tech-crypto@lists.mozilla.org mailing list.

http://www.mozilla.org/community/developer-forums.html
https://lists.mozilla.org/listinfo/dev-tech-crypto

Please actively review, respond, and contribute to the discussion.
Assignee

Updated

11 years ago
Whiteboard: Information confirmed complete → In Public Discussion
Assignee

Comment 30

11 years ago
This concludes the first public discussion about Certigna’s request to add one new root CA certificate to the Mozilla root store. The summary of the action items resulting from this first public discussion is as follows. 

A publicly available document that is evaluated as part of the annual 
audit needs to be provided, and it must include information that 
satisfies section 7, parts a, b, and c of the Mozilla CA Certificate 
Policy at http://www.mozilla.org/projects/security/certs/policy/. 
This document also needs to address the potentially problematic 
practices as per https://wiki.mozilla.org/CA:Problematic_Practices. 

Certigna’s CPS contains sensitive information that cannot be posted 
publicly at this time. As such, the following possible solutions are 
recommended: 
1) Publish a version of the CPS with the confidential material 
redacted. 
2) Publish just those portions of the CPS that address the items noted 
above, and have your auditor confirm to us that the sections provided 
are from the CPS that was referenced in your audit.

Comment 31

11 years ago
I believe it is necessary that, if option 1 is chosen, the outside auditor must confirm that the public information in the redacted version of the CPS is identical to the corresponding statements in the private CPS.
I removed the reference to NSS from the subject to reduce confusion.
Summary: Add Certigna certificates to NSS root store → Add Certigna certificates to Mozilla root CA list
Reporter

Comment 33

11 years ago
I have sent a translation of a portion of the CPS to Kathleen Wilson, and Mr Bouchet, the lead auditor from LSTI, has confirmed to Mrs Wilson that the translation was reviewed during the certification audit.
Assignee

Comment 35

11 years ago
I am attaching the portion of the CPS that can be publicly posted, and that is relevant to the previous discussion.

I have received email from the lead auditor for LSTI which states that this part of the CPS was indeed reviewed during Certigna’s last audit. LSTI is an accredited certification body in France who provided the previous audit statement dated 8/20/2008.
Assignee

Comment 37

11 years ago
I am now opening the second public discussion period for this request from Certigna to add the Certigna CA root certificate to Mozilla.

http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/06bbc8886796cb2d#

The discussion topic is: Certigna Root Inclusion Request Round 2

Please actively review, respond, and contribute to the discussion.

Comment 38

10 years ago
Re-assigning this bug to Kathleen Wilson, since she's the person actively working on it.
Assignee: hecker → kathleen95014
Assignee

Comment 39

10 years ago
The public comment period for this request is now over. 

This request has been evaluated as per sections 1, 5 and 15 of the official CA policy at

 http://www.mozilla.org/projects/security/certs/policy/

Here follows a summary of the assessment. If anyone sees any factual errors, please point them out.

To summarize, this assessment is for the request to add a new root CA certificate for the Certigna root. 

Section 4 [Technical]. I am not aware of any technical issues with certificates issued by Certigna, or of instances where they have knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug report.

Section 6 [Relevancy and Policy]. Certigna appears to provide a service relevant to Mozilla users: It is a French certificate authority serving the European market, with plans to expand into other countries.

The certificate policies for Certigna’s SSL and ID subordinate CAs are published on their website and listed in the entry on the pending applications list. These are provided in French.

http://www.certigna.fr/documents/pc_certigna_ssl.php
http://www.certigna.fr/documents/pc_certigna_id.php

The public portion of the Certigna CPS has been attached to this bug, and the English translations have also been attached.
CPS: https://bugzilla.mozilla.org/attachment.cgi?id=364343
English: https://bugzilla.mozilla.org/attachment.cgi?id=364146
Code Signing: https://bugzilla.mozilla.org/attachment.cgi?id=365278

During the discussions two items have been requested: 
1) The public portion of the Certigna CPS should be made public and posted on their website. 
2) The internal document for code signing should be made part of the CPS. 
While Certigna is encouraged to do these two action items, these will not block the inclusion request.

Section 7 [Validation]. Certigna appears to meet the minimum requirements for subscriber verification, as follows:

* Email: When the requested certificate contains an email address, Certigna verifies that the CSR contains the same email address as on the registration form. Certigna also checks the email address as per CPS section 5.2.6 to verify that the left-hand side of the email address matches the applicant name, and the right-hand side of the email address matches the organization’s website or name. Certigna sends the certificate to the subscriber by email to the email address of the registration form. 

* SSL: Certigna’s CPS section 5.2.7 specifies the controls for applications for server certificates. It says that in addition to verifying the identity of the applicant, Certigna uses the whois service (www.whois.net) to verify that the organization owns the FQDN in the requested certificate.

* Code: There is a separate internal document for the new code-signing sub-CA. The section of the document that describes the verification of the identity of the subscriber has been translated into English and attached to the bug at the link provided above.

Section 8-10 [Audit]. Certigna is audited by La Sécurité des Technologies de l'Information (LSTI) using the ETSI 102.042 criteria. The LSTI website lists the criteria, audit procedures, and certificate of compliance for Certigna and the SSL and ID sub-CAs. LSTI has also provided a separate statement that Certigna is compliant with the ETSI 102.042 criteria.

Section 13 [Certificate Hierarchy]. The Certigna root has four internally-operated subordinate CAs: Certigna SSL is for SSL-enabled servers, Certigna ID is for authentication and digitally-signed email, Certigna Chiffrement is for encrypting email, and a new sub-CA for code-signing has been recently created. The request is to enable all three trust bits.

Other: Certigna issues its CRL every 72 hours. OCSP is also provided.

Potentially problematic practices: None noted.

Based on this assessment I recommend that Mozilla approve this request to add the Certigna Certificate Authority root certificate to NSS.
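
One way to express the email checks summarized in comment 39 (CSR address equals the form address, left-hand side matches the applicant name, right-hand side matches the organization's website or name), as an added example that is not Certigna's or Mozilla's code. The function names, finding labels and sample values are assumptions constructed for illustration, and the organization-name comparison assumes a single-label public suffix.

```python
import re
import unicodedata
from urllib.parse import urlsplit


def fold(text):
    """Lower-case and strip accents so 'Hélène' compares equal to 'helene'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def tokens(text):
    """Split folded text into alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", fold(text)) if t]


def split_address(address):
    """Return (local part, domain); reject anything that is not local@domain."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError(f"not a plain mailbox address: {address!r}")
    return local, domain.lower().rstrip(".")


def local_part_matches_name(local, applicant_name):
    """At least one full name token, and anything else must be an initial."""
    name = set(tokens(applicant_name))
    parts = tokens(local)
    full = [p for p in parts if p in name]
    rest = [p for p in parts if p not in name]
    initials_ok = all(
        len(p) == 1 and any(n.startswith(p) for n in name) for p in rest
    )
    return bool(full) and initials_ok


def domain_matches_org(domain, org_name, org_website):
    """Domain is the website host (or below it), or is named after the org."""
    host = (urlsplit(org_website).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host and (domain == host or domain.endswith("." + host)):
        return True
    # Assumption: the label just left of a single-label TLD is the registrable
    # name. Production code needs the Public Suffix List for this step.
    labels = domain.split(".")
    registrable = labels[-2] if len(labels) >= 2 else ""
    return bool(registrable) and "".join(tokens(registrable)) == "".join(
        tokens(org_name)
    )


def check_email_request(form_email, csr_email, applicant_name, org_name, org_website):
    """Return a list of findings; an empty list means the request is consistent."""
    findings = []
    form_local, form_domain = split_address(form_email)
    csr_local, csr_domain = split_address(csr_email)
    # Case-insensitive comparison of the local part is an assumption.
    if (fold(form_local), form_domain) != (fold(csr_local), csr_domain):
        findings.append("csr-email-differs-from-form")
    # The certificate will carry the CSR address, so that is the one examined.
    if not local_part_matches_name(csr_local, applicant_name):
        findings.append("local-part-not-applicant-name")
    if not domain_matches_org(csr_domain, org_name, org_website):
        findings.append("domain-not-tied-to-organization")
    return findings


# Constructed sample request (not taken from the bug).
SAMPLE = dict(
    applicant_name="Hélène Martin",
    org_name="Atelier Martin",
    org_website="http://www.atelier-martin.example",
)

if __name__ == "__main__":
    good = "h.martin@atelier-martin.example"
    lookalike = "h.martin@atelier-martin.example.attacker.test"
    print(check_email_request(good, good, **SAMPLE))
    print(check_email_request(good, lookalike, **SAMPLE))
```

An empty result only shows that the form, the CSR and the organization data agree with each other. Control of the mailbox is a separate step, which the comment describes as sending the certificate to the address on the registration form.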

Comment 40

10 years ago
To Kathleen: Thank you for your work on this request.

To the representatives of Certigna: Thank you for your cooperation and your patience.

To all others who have commented on this bug: Thank you for volunteering your time to assist in reviewing this CA request.

I have reviewed the summary and recommendation in comment #39, and on behalf of the Mozilla project I approve the request from Certigna to add the following
root certificate to NSS, with trust bits set as indicated:

* Certigna (email, SSL)

It's unclear to me what the status is with regard to code signing, and in particular whether code signing was referenced in the audit that was done. I'm therefore postponing approval of this root for code signing, and would like Certigna to submit a separate new request to have the code signing trust bit enabled.

Kathleen, could you please do the following:

1. File the necessary bug against NSS.
2. Mark this bug as dependent on the NSS bug.
4. When that bug is RESOLVED FIXED, change the status of this bug to RESOLVED FIXED as well.

Thanks in advance!
Assignee

Updated

10 years ago
Depends on: 483889
Assignee

Comment 41

10 years ago
I have filed bug 483889 against NSS for the actual changes.

As indicated in Comment #40, the websites and email trust bits have been requested. The code signing trust bit will need to be handled through a new request when the CPS and audit covering the new sub-CA have been completed.

Updated

10 years ago
Whiteboard: In Public Discussion → Approved
Assignee

Updated

10 years ago
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated

2 years ago
Product: mozilla.org → NSS