Nukeador wrote, On 2008-05-21 14:59: > Eddy Nigg (StartCom Ltd.) escribió: >> Apparently yes! From >> http://wiki.mozilla.org/CA:Root_Certificate_Requests see the lower >> section. I suggest that the representative of the CA starts a new bug >> according to the instructions of this page:
> Ok, I'm contacting now with Cristina Acedo, who is from the FNMT, and > giving her the details to open a bug herself with the information inside > that particular template. I would say that a new bug is not necessary. What *IS* necessary is direct communication between an official CA representative and Mozilla through the bug system, and that all the information requested be provided. Any information upon which Mozilla will rely in performing its evaluation must not come through a third party. If using the English language presents a problem, the I would suggest that the CA representative delegate this responsibility to some other CA employee or officer who can act as an official CA representative. To put the FNMT request in perspective: FNMT is one of a small number of official CAs for parts of Spain. According to a presentation about this subject made by izenpe earlier this week, for Catelonia, there is Catcert, for Comunidad de Valencia, there is ACCV, for the Basque regions, there is izenpe, and for the rest of Spain, there are FNMT, CameraFirma, ipsCA, FirmaProfesional, and "Notaries" (I may have erred in that last transcription). FNMT issues smart cards with certificates on them to individuals, as does izenpe for its region. The presentation says that FNMT's dni-e serves a population of 44.7 million and izenpe serves a population of 2.13 million. I believe those numbers are the numbers of individuals who are eligible to receive smart cards with certs and private keys. It should not be necessary for those CA certs to be included and trusted in Mozilla for those individuals' certs to be usable for SSL client authentication in Firefox. IMO, the principal reason for Mozilla to include a root CA cert is for that cert to issue SSL server certs, and/or code signing certs. I don't think we have any numbers for how many of such certs are issued by those CAs. The number of server certs may not be proportional to the number of individuals eligible to receive smart cards. Of the CAs named above, these are already in NSS's built-in root CA list: - AC Camerafirma SA CIF - Chambers of Commerce Root - Global Chambersign Root - Autoridad de Certificacion Firmaprofesional CIF - IPS Internet Publishing Services s.l. (6 roots) - IPS Seguridad CA (1 root) There are presently 5 open CA cert inclusion requests for CAs in Spain. number opened ----------------- summary --------------------- 261778 2004-09-27 Add Camerfirma CA certificate 274100 2004-12-10 Add ACCV CA certificate (confirmed complete) 295474 2005-05-25 Add CATCert root CA certificate 361957 2006-11-27 Add Izenpe CA EV root certificate (incomplete) 408008 2007-12-11 Add FNMT Root CA cert for SSL Personal opinion: while I accept that FNMT may serve the largest number of subscribers, their request is the most recent, and they did not even make the request themselves. There are two requests that are 3+ years older than theirs, one of which is confirmed complete. I think Mozilla Foundation should make some attempt to honor those CAs who were diligent and timely in making their requests, and not displace them for an additional indefinite time to give preference to a larger CA. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto