Where can i access the current CA List
To access the current active CA list go into Mozilla or Firefox and use the "Manage Certificates" interface. For Firefox look under Preferences -> Advanced -> Certificates -> Manage Certificates -> Authorities, and you'll see the list of CA certificates currently known to Firefox. Note that this includes both CA certificates bundled with Firefox and CA certificates added by the user after installation (if any).
You can also look at the NSS source code to see the list of certificates, but I don't have time right now to track down the exact location for you.
To see a list of new CAs that are not yet in Mozilla/Firefox/etc., but have requested that they be included, see
http://www.hecker.org/mozilla/ca-certificate-list
I'd like to have an official web page that includes all the CAs already included in Mozilla, using a similar format to the page above, but I haven't had time to do this. (Volunteers are welcome!)
and how do i raise a request to add a new CA?
You file a bug in Bugzilla. For more information see the standard response below that I give to CAs requesting inclusion.
Frank
=========
Requesting that your CA's certificate(s) be added to Mozilla
The current situation regarding CA certificates and Mozilla is as follows:
The Mozilla project is now creating a formal program to select CA certificates for inclusion in Mozilla and related software released through the Mozilla project (e.g., the Firefox browser and the Thunderbird email client).
The Mozilla CA certificate program is not yet officially in operation, because we have not yet completed the final policy for including certificates, and the associated criteria for evaluating CAs. However in the meantime I am accepting requests from CAs that have passed independent third-party audits, in particular the WebTrust for CAs audit.
So, if your CA has been successfully audited by WebTrust then I would be happy to consider your request to have your CA certificate(s) added to Mozilla. (Although I won't be able to act on your request right away because I have several other requests already in the queue; it may take me a few weeks to process all requests.)
To officially submit your request, please file a bug in the Mozilla project's Bugzilla bug tracking system, assigning the bug to the "mozilla.org" product and the "CA Certificates" component within that product. You can create a Bugzilla account here:
http://bugzilla.mozilla.org/createaccount.cgi
and enter the new bug here:
http://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&format=guided
The URL above will fill in the product field ("mozilla.org"); you just need to select the "CA Certificates" component, fill in the summary field with something like "Add Foo CA certificate" (where you replace "Foo" with the name of your CA), and use the details field to enter in the details of your request. Please be sure and include URLs for documents like your Certificate Policy, Certification Practice Statement, and links to your actual root certificate(s); also include URLs for where to find CRLs and/or OCSP information. When you're done click the "Submit Bug Report" button.
If your CA has not been audited in any way then you will have to wait for the final CA certificate policy, in which we will define a process for evaluating CAs ourselves in the absence of third-party audits. Note that it may take a few months to complete the policy, and yet more months to do our own evaluations. (And again, there are other CAs that would be ahead of your CA in the queue.)
I apologize for the delays inherent in this process. Like many people who contribute to the Mozilla project, I am a volunteer, and I can do Mozilla-related tasks only in my spare time after I fulfill my work and family duties.
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
