833996 - Add new Thawte DSA root

Status: RESOLVED WONTFIX

(CA Program :: CA Certificate Root Program, task)

Description

[Rick Andrews]

Attachment: CAInformationTemplate_ThawteNew.docx

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130116073211

Steps to reproduce:

I would like to add this new root to Mozilla's trust store:
thawte Primary Root CA - G4 (SHA256WithDSA)

and set the Websites (SSL/TLS), Email (S/MIME), Code Signing, and EV trust bits

Comment 1

[Kathleen Wilson]

I apologize for the delay in my response. My work on root inclusion requests was postponed for a while.

I am accepting this bug, and will work on it as soon as possible, but I have a large backlog.
https://wiki.mozilla.org/CA:Schedule#Requests_in_the_Information_Gathering_and_Verification_Phase

I will update this bug when I begin the Information Verification phase.
https://wiki.mozilla.org/CA:How_to_apply#Information_Verification

Comment 2

[Rashmi Tabada]

Hi Kathleen,

Reminder - please let us know the next steps.

Thanks,
Rashmi

Comment 3

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

We are remove support for DSA/DSS certificates completely from Gecko and mozilla::pkix. Whether or not this certificate should be added should be contingent on the results of bug 1073867 and bug 1107787.

Comment 4

[Kathleen Wilson]

Mozilla does not plan to add DSA support to Mozilla's CA Certificate Policy, so we will not add DSA root certs to NSS.
https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/KHJzcJezpnQJ