Pre-install India's Root CA/Licensed CA authorities trusted by Root CA into Firefox

RESOLVED INVALID

Status

--
enhancement
RESOLVED INVALID
9 years ago
2 years ago

People

(Reporter: tarundua, Assigned: kwilson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Updated

9 years ago
Assignee: nobody → kathleen95014
Component: Preferences → CA Certificates
Product: Firefox → mozilla.org
QA Contact: preferences → ca-certificates
Version: unspecified → other

Comment 1

9 years ago
Inclusion of certificates from countries tends not to happen because Mozilla requires an independent review of the CA's policies. https://wiki.mozilla.org/CA:Overview and http://www.mozilla.org/projects/security/certs/policy/

Are you an administrator of this CA?
(Reporter)

Comment 2

9 years ago
No I am only an end-user not connected to any of the above mentioned organizations in any way.

India's tax e-filing, Ministry of Corporate affairs portal usage required for regulatory compliance are dependent on client certificates issued by Indian CA(s) whose trust is derived from ROOT CA operated by cca.gov.in. If the Root CA/intermediary certificates are not installed in a browser access to the services requires an extra certificate installation step by a large number of non-technical users. The number of users of this PKI infrastructure based on cca.gov.in is supposedly significant enough to warrant inclusion into Firefox/Thunderbird by default.

The ROOT CA at cca.gov.in and all the intermediary CAs have a published Certification Practice Statement on their websites.

Comment 3

9 years ago
Hi Tarun,

Requests to include a CA root must be performed by the CA itself. I suggest you make them aware of the problem.
If I understand it correctly, this bug requests that a number of CA 
certificates for a number of different root CAs be added to mozilla products.

Mozilla policy allows Mozilla to accept such requests only from official 
representatives of the individual CAs themselves.  So each of the CAs whose
certs are represented above would need to create their own separate request
to have their CA cert added to Mozilla.  The URLs listed in comment 1 
above provide information about how they go about doing that.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID

Updated

2 years ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.