Closed
Bug 428390
Opened 17 years ago
Closed 15 years ago
EV SSL: Request addition of the WellsSecure Public Root Certificate Authority
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gordon.young, Assigned: hecker)
References
()
Details
(Whiteboard: EV - approved)
Attachments
(5 files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080325 Fedora/2.0.0.13-1.fc8 Firefox/2.0.0.13 Build Identifier: N/A I would like to request the addition of the new Wells Fargo "WellsSecure" Root CA with Common Name: "WellsSecure Public Root Certificate Authority" Certificate's SHA1 fingerprint: e7:b4:f6:9d:61:ec:90:69:db:7e:90:a7:40:1a:3c:f4:7d:4f:e8:ee Please accept this root certificate for inclusion in Firefox/NSS: -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd /ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv 2G0xffX8oRAHh84vWdw+WNs= -----END CERTIFICATE----- The CA is an offline root used to create new issuing authorities within the Wells Fargo "WellsSecure" PKI. This offline CA Was created for the purpose of creating an (online/intermediate) EV SSL issuing authority. Future uses will be described in the Wells Fargo CP. The Wells Fargo Certificate Policy (CP) is published at http://www.wellsfargo.com/cps Verification and attestation of our conformance with the stated requirements have performed and produced by Webtrust for CAs Audit. The Audit report and management assertions can be viewed on the Third party WebTrust website by clinking the "WebTrust" seal and then follow the links to the WebTrust web site. The seal/link found here: http://www.wellsfargo.com/cps (Click on the "Certification Authorities WebTrust powered by KPMG" Seal image to follow the links to the report.) Thank you, Gordon Young Wells Fargo Bank, NA Public Key Infrastructure Team Reproducible: Didn't try Steps to Reproduce: N/A Actual Results: N/A Expected Results: N/A -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd /ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv 2G0xffX8oRAHh84vWdw+WNs= -----END CERTIFICATE-----
Reporter | ||
Comment 1•17 years ago
|
||
per Mozilla CA Certificate Policy (Version 1.2) requests for preloading of roots that include issuing CA's below them in the hierarchy that issue EV SSL certificates it is required that the requester identify the EV SSL OID. the EV SSL OID for wells fargo WellsSecure is defined in the Wells Fargo CP at www.welllsfargo.com/cps Company EV Assurance = 2.16.840.1.114171.500.9
Updated•17 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: EV
Reporter | ||
Comment 2•17 years ago
|
||
EV SSL: Request addition of the WellsSecure Public Root Certificate Authority an offline root used to bring up a subordinate issuing CA that signs EV SSL certificates
Alias: EV-SSL
Summary: Request addition of the WellsSecure Public Root Certificate Authority → EV SSL: Request addition of the WellsSecure Public Root Certificate Authority
Whiteboard: EV
Updated•17 years ago
|
Whiteboard: EV
Updated•17 years ago
|
Alias: EV-SSL
Reporter | ||
Comment 3•16 years ago
|
||
************************************************************************** Wells Fargo's responses to the requests for information in the "Mozilla CA Certificate Policy" when requesting CA inclusion in the Mozilla default CA set This is a request for inclusion into 1. NSS. 2. EV_SSL root program (metadata etc) Firefox v3 and future. 3. any other appropriate distribution of roots by Mozilla. the certificate data (or links to the data) for the CA certificate(s) requested for inclusion; see earlier in this bug report, as well at: http://crl.pki.wellsfargo.com/wsprca.crt for each CA certificate requested for inclusion, whether or not the CA issues certificates for each of the following purposes within the CA hierarchy associated with the CA certificate: SSL-enabled servers, Yes this root will be a parent of an issuing CA, the “Wells Fargo Public Primary CA” which the sole purpose is to issue EV_SSL enabled certificates to Wells Fargo Bank NA business partners. The EV SSL CA is described in the Wells Fargo CP V.11 at http://www.wellsfargo.com/cps in section 1.3.1.3 “WellsSecure EV SSL CA” digitally-signed and/or encrypted email, or Future use of this root will be to stand up an issuing CA that identifies individual subjects and traditional ssl certificates (not ev enabled) This project is not complete. digitally-signed executable code objects; Wells Fargo does not offer code signing certificates for each CA certificate requested for inclusion, whether the CA issues Extended Validation certificates within the CA hierarchy associated with the CA certificate and, if so, the EV policy OID associated with the CA certificate; Wells Fargo CP V11 documents and EV_SSL assurance level known as: Company EV Assurance with an OID of 2.16.840.1.114171.500.9 a Certificate Policy and Certification Practice Statement (or links to a CP and CPS) or equivalent disclosure document(s) for the CA or CAs in question; and http://www.wellsfargo.com/cps information as to how the CA has fulfilled the requirements stated above regarding its verification of certificate signing requests and its conformance to a set of acceptable operational criteria. Compliance audit and review is performed by Wells Fargo internal audit, as well third party audit is performed yearly. Wells Fargo completes a yearly Webtrust for CA's audit. A Webtrust for CA's audit Performed by third party KPMG, “Independent Accountant's Report” is available online publicly here: https://cert.webtrust.org/SealFile?seal=528&file=pdf as well the Assertion of Wells Fargo's Management as to the Disclosure of its Business Practices and its Controls Over its Certification Authority Operations during the period from November 1, 2006 through October 31, 2007 is available on page 2 of the above document ************************************************************************
Reporter | ||
Comment 4•16 years ago
|
||
Additional Info: an issuing ca has been created under the new root it is present here: Wells Fargo Public Primary CA: http://crl.pki.wellsfargo.com/wf_ev_00.crt the "WellsSecure Public Root CA" is a root only. It was indented to help us bring up an EV_SSL chain. It may be used in the future to bring up additional issuing CA's Certification types: issuing CA: The "CN=Wells Fargo Public Primary CA" issues under only a single "EV_SSL" end entity ssl certificate profile subscriber verification is covered in section 3.2 of Wells Fargo CP v11 All Subordinate CA's are covered in CP v11 section 1.3.1, the root requested for inclusion is not the parent of all of Wells Fargo CA's. The "Wells Fargo Root CA" is the parent of the majority of CA's Cross certification agreements are Covered in CP v11 1.2.4.5 Cross-Certification Agreements a sample EV ssl certificate under the hierachy "WellsSecure Public Root Certificate Authority>Wells Fargo Public Primary certificate authority>EV End Entity" the first EV_SSL certificate was issued to our beaconing server: https://nerys.wellsfargo.com/test.html OCSP for issuing CA's is provided via: http://validator.wellsfargo.com CRL: http://crl.pki.wellsfargo.com/wsprca.crl http://crl.pki.wellsfargo.com/ev.crl
Assignee | ||
Comment 5•16 years ago
|
||
I'm assigning this bug to Kathleen Wilson, who'll be gathering information relating to this and other requests.
Assignee: hecker → kathleen95014
Assignee | ||
Updated•16 years ago
|
Status: NEW → ASSIGNED
Comment 6•16 years ago
|
||
Hi Gordon, As per Frank’s note, I have been asked to gather and verify information for this request. As such, I have the following questions. 1) What is the maximum time until OCSP responders are updated to reflect end-entity revocation? I see that normally its within 4 minutes. I’m wondering what the max time is when something doesn’t go as planned, as per a service-level-agreement. I ask this in regards to EV Guidelines section 26(a): “OCSP responses from this service MUST have a maximum expiration time of ten days.” 2) I think I need to see the document called “EV SSL Authentication Policy”, in order to find the statement about verification of the ownership of the domain name. Would you please provide the url to this, or point me to the text in the CP or CPS that states that this verification is done? 3) The audit you provided appears to be a WebTrust CA audit. Have you done a WebTrust EV audit for this root? Or is such an audit scheduled? 4) I have added this request to the pending list. Please review and let me know if I need to fix/update any of the info http://www.mozilla.org/projects/security/certs/pending/#Wells%20Fargo Thanks, Kathleen
Comment 7•16 years ago
|
||
Hi Kathleen, My name is Jason Kubicki and I believe Gordon mentioned that I will be working on this project with you. I have jumped into this project early June and I am working on finding the answers to your above questions. Question 1: No update yet. Question 2: There is no separate “EV SSL Auth policy” (although some of the language does seem to make it sound like there is.) For now, at least, the Auth policy is established by following the entire issuance procedure. That is, all forms must be correctly and completely filled out, verified and reviewed. Correct completion, will result in following the rules and therefore, fulfilling the underlying authentication “policy” We can provide you with the forms that would together constitute the policy if you would like. Question 3: Since this root isn’t being used yet, we can’t have a real webtrust audit on it. (it will happen this year.) there was a “pre-Audit” performed for EVSSL. (Audits happen after the fact, this was performed to ensure that the procedures are in place.) We can provide you with a copy of letter from the preaudit if you would like. Thanks, Jason
Comment 8•16 years ago
|
||
Kathleen, I believe we have an answer to question #1. section 4.9.9 of the wellsfargo CP (http://www.wellsfargo.com/cps) states <text deleted> This information will be cached for a maximum of four (4) minutes. (What this means technology wise is that the OCSP responder re-downloads the CRL before 4 minutes. The OCSP respondor product we are using marks the lifespan for these precomputed responses to have a lifespan of only 4 minutes in memory after which time it recomputes the responses for the next four minutes.) Additionally with our CRL lifespans being only 6 hours at the longest, and as an OCSP responder would not base it's responses on a CRL that has expired, the 4 minute caching paired with 6 hour CRL's would prevent a response from ever having a lifespan anywhere near 10 days. I hope this addresses your inquiry. Let me know if you would like some additional information. Jason
Comment 9•16 years ago
|
||
Attaching the WebTrust EV pre-audit that was performed by KPMG LLP, as per Comment #7: “Since this root isn’t being used yet, we can’t have a real webtrust audit on it. (it will happen this year.) there was a “pre-Audit” performed for EVSSL. (Audits happen after the fact, this was performed to ensure that the procedures are in place.)” I have verified the authenticity of this audit report.
Comment 10•16 years ago
|
||
As per the attached document, the info-gathering phase of this request is complete. There was a WT/EV pre-audit performed, which we'll use for now until the post-live WT/EV audit is performed later this year.
Comment 11•16 years ago
|
||
Assigning back to Frank, so this request can proceed to the discussion phase.
Assignee: kathleen95014 → hecker
Status: ASSIGNED → NEW
Whiteboard: EV → EV - information confirmed complete
Assignee | ||
Comment 12•16 years ago
|
||
I have now opened a one-week period of public discussion of this request, as mentioned in my post to the mozilla.dev.tech.crypto forum: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/3f2d3b1fdcf88d30# This public discussion period will provide people in the Mozilla community with an opportunity to comment on the request, raise concerns, ask additional questions, etc. After the discussion period ends I will make a preliminary decision about whether or not to approve this request, and if I decide to move forward with approval then we will have a further one-week discussion period to address any remaining questions or issues. Note that the mozilla.dev.tech.crypto forum is also accessible via email; see https://lists.mozilla.org/listinfo/dev-tech-crypto for information on how to subscribe and post to the mailing list.
Status: NEW → ASSIGNED
Whiteboard: EV - information confirmed complete → EV - in public discussion
Assignee | ||
Comment 13•16 years ago
|
||
The first public comment period for this request is now over. I have evaluated this request, as per sections 1, 5 and 15 of the official CA policy at http://www.mozilla.org/projects/security/certs/policy/ On behalf of the Mozilla project, I apologise for any delay. Here follows my assessment. If anyone sees any factual errors, please point them out. To summarize, this assessment is for the request to add a new root CA certificate for WellsSecure Public Root Certificate Authority, and then to enable that root for EV use. Section 4 [Technical]. I'm not aware of any technical issues with certificates issued by Wells Fargo, or of instances where they have knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug report. Section 6 [Relevancy and Policy]. Wells Fargo appears to provide a service relevant to Mozilla users: It's a commercial CA offering certificates to customers worldwide, primarily to businesses. Policies are documented in the documents published on their website and listed in the entry on the pending applications list; the main document of interest is the WellsSecure PKI Certificate Policy: https://www.wellsfargo.com/downloads/pdf/com/cp/cp.pdf Section 7 [Validation]. Wells Fargo appears to meet the minimum requirements for subscriber verification, as follows: * Email: Not applicable. Wells Fargo does not issue certificates for email use through this hierarchy at present. It may do so in future, at which point it can apply to have the email trust bit enabled for this root. * SSL: Verification of subscriber identity, including verification of domain ownership, is done per the EV guidelines, as referenced by the CP and the corresponding customer agreement entered into by the subscriber. See (among others) sections 1.3.3, 1.4.1.11, and 3.2.2 of the CP. The EV policy OID is 2.16.840.1.114171.500.9. * Code signing: Not applicable. Wells Fargo does not issue certificates for code signing use, and has no plans to do so at this time. Section 8-10 [Audit]. Wells Fargo has successfully completed an audit using the WebTrust for CAs criteria. The auditors were KPMG. The audit is current (covering the period up to October 31, 2007). Wells Fargo also successfully completed a WebTrust EV pre-audit earlier in 2008. The auditors were KPMG. The audit report was provided by Wells Fargo and its authenticity verified directly with KPMG. Section 13 [Certificate Hierarchy]. The WellsSecure Root Certificate Authority has a single subordinate CA, the Wells Fargo Public Primary CA, the issuing CA for EV SSL certificates. Other: Wells Fargo issues CRLs (on a 6-hour schedule) and also operates an OCSP responder. Potentially problematic practices: There are no known potentially problematic practices associated with the WellsSecure Public Root Certificate Authority and its associated CA hierarchy. Based on the information available to me I am minded to approve this request to add the WellsSecure Public Root Certificate Authority certificate and enable it for EV use. Before I issue my final decision, I'm opening up a second one-week period of public discussion of this request in the mozilla.dev.tech.crypto newsgroup [1]. [1] The mozilla.dev.tech.crypto newsgroup is accessible via NNTP-capable newsreaders at: news://news.mozilla.org/mozilla.dev.tech.crypto via email by subscribing to the associated mailing list: https://lists.mozilla.org/listinfo/dev-tech-crypto and via the web at: http://groups.google.com/group/mozilla.dev.tech.crypto/topics
Assignee | ||
Comment 14•16 years ago
|
||
The second comment period is now over. Based on my evaluation and the comments received thus far, I am officially approving this request to add the WellsSecure Public Root Certificate Authority root certificate to NSS and to enable it in PSM for EV use. I have filed bug 449393 against NSS and bug 449394 against PSM for the actual changes.
Assignee | ||
Updated•16 years ago
|
Whiteboard: EV - in public discussion → EV - approved
Assignee | ||
Comment 15•16 years ago
|
||
Changing whiteboard status to approved.
Comment 16•15 years ago
|
||
I believe this bug was fixed by the checkin for Bug 493709 - Combined EV enablement so I am resolving this bug as fixed. Please reopen it if it is not fixed. I hope Kathleen doesn't mind me resolving these bugs.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 17•15 years ago
|
||
When can we expect to see our EV enabled root in a production build? I am not too familiar with the Mozilla process. Do you just enable it and one day it is there or will we receive a notice that it is now available to the public?
Comment 18•15 years ago
|
||
More or less :-) The first release to hit the street soon is probably the next 3.5 release. Maybe 3.0 will be updated too at some point. You'll realize that when nobody is complaining anymore...
Comment 19•15 years ago
|
||
(In reply to comment #17) > When can we expect to see our EV enabled root in a production build? Try one of these "nightly" FF 3.5 preview builds ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-1.9.1/
Comment 20•15 years ago
|
||
Thank you for the link Nelson, We tested our system with a nightly build that Kai put together for us and were happy to see it work. My question was more about trying to determine when we could expect it to become available to the public. Can we expect it in a few das, weeks, or months? Will it require version 3.5 to be released or are we likely to be added to 3.0.XX?
Comment 21•15 years ago
|
||
Jason, I am sure your cert will be in FF 3.5. I think there is a good chance that it will also be added to some forthcoming FF 3.0.x release. But I cannot predict how soon any of those things will happen. Personally, I am pessimistic that this will happen before the end of this month, but I expect it will happen within the next 3 months. But those are merely my own guesses.
Comment 22•9 years ago
|
||
Comment 23•9 years ago
|
||
Comment 24•9 years ago
|
||
(In reply to Kathleen Wilson from comment #22) > Created attachment 8710092 [details] > 2015 Wells Fargo PKI WTBR Report.pdf (In reply to Kathleen Wilson from comment #23) > Created attachment 8710093 [details] > 2015 Wells Fargo PKI WTCA Report.pdf I have exchanged email with the auditor to confirm the authenticity of these audit statements.
Comment 25•8 years ago
|
||
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•2 years ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•