On 1/18/2008 11:44 AM, Frank Hecker wrote:
> WISeKey has applied to add its (one) root CA certificate to the Mozilla 
> root store, as documented in the following bug:
> 
>    https://bugzilla.mozilla.org/show_bug.cgi?id=371362
> 
> and in the pending certificates list here:
> 
>    http://www.mozilla.org/projects/security/certs/pending/#WISeKey
> 
> I have evaluated their request, as per the mozilla.org CA certificate 
> policy:
> 
>    http://www.mozilla.org/projects/security/certs/policy/
> 
> and plan to approve this request in two weeks' time. If you have any 
> objections, or know of facts which might influence this decision, please 
> make them known before then.
> 
> Frank
> 

After following the discussion about Black Box, perhaps I don't really
understand.  It seems to me, however, that this is not much different
from the situation that prompted my bug report #376853.

That situation involves the AllTrust certificate authority (part of
Comodo), which issued a certificate to USERTRUST Network.  USERTRUST
Network then used this certificate (neither one of its USERTRUST Network
root certificates that are in the NSS store nor an intermediate
certificate signed by one of those root certificates) as an intermediate
certificate to act as a certificate authority and issued a certificate
to Network Solutions.  In turn, Network Solutions used its certificate
as an intermediate certificate to act as a certificate authority and
issued a site certificate to my bank.

In my bug report, I raised the question regarding what control
AllTrust/Comodo has over Network Solutions given the intermediate role
of USERTRUST Network between them.

See <https://bugzilla.mozilla.org/show_bug.cgi?id=376853>.  In comment
#1 to this bug report, Bolyard stated:
> The PKI model really depends on trusting the CAs to control their subordinate 
> issuers at all levels.  If a root CA proves unworthy in that regard, we should
> expunge its cert from our list.
If this is true -- at ALL levels -- then I don't understand the concern
about Black Box.  If this is not true, then I don't understand why my
RFE has not received serious consideration.

-- 
David E. Ross
<http://www.rossde.com/>

Go to Mozdev at <http://www.mozdev.org/> for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.