Hello. I'm a member of the Regiogeld.de initiative in Germany and I have proposed to create certificate authority for the regiogeld community to allow local initiatives to receive a signature form the RegioGeld CA (www.regiogeld.de).
Is it possible to submit a CA key to the Mozilla crypto team and to have it permanently added to the browser distribution?
Yes, but... We have some requirements for CAs that want to do this. Below I've attached the standard response that I am currently sending to CAs who ask about this.
The basic situation right now is that we are requiring that CAs have successfully completed a WebTrust for CAs audit, or something equivalent to it. Unless RegioGeld has undergone such an audit (and I suspect it hasn't) then I can't approve including a RegioGeld CA cert in Mozilla, Firefox, etc.
Frank
============
The current situation regarding CA certificates and Mozilla is as follows:
The Mozilla project is now creating a formal program to select CA certificates for inclusion in Mozilla and related software released through the Mozilla project (e.g., the Firefox browser and the Thunderbird email client).
The Mozilla CA certificate program is not yet officially in operation, because we have not yet completed the final policy for including certificates, and the associated criteria for evaluating CAs. However in the meantime I am accepting requests from CAs that have passed independent third-party audits, in particular the WebTrust for CAs audit.
So, if your CA has been successfully audited by WebTrust then I would be happy to consider your request to have your CA certificate(s) added to Mozilla. (Although I won't be able to act on your request right away because I have several other requests already in the queue; it may take me a few weeks to process all requests.)
To officially submit your request, please file a bug in the Mozilla project's Bugzilla bug tracking system, assigning the bug to the "mozilla.org" product and the "CA Certificates" component within that product. You can create a Bugzilla account here:
http://bugzilla.mozilla.org/createaccount.cgi
and enter the new bug here:
http://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&format=guided
The URL above will fill in the product field ("mozilla.org"); you just need to select the "CA Certificates" component, fill in the summary field with something like "Add Foo CA certificate" (where you replace "Foo" with the name of your CA), and use the details field to enter in the details of your request. Please be sure and include URLs for documents like your Certificate Policy, Certification Practice Statement, and links to your actual root certificate(s); also include URLs for where to find CRLs and/or OCSP information. When you're done click the "Submit Bug Report" button.
If your CA has not been audited in any way then you will have to wait for the final CA certificate policy, in which we will define a process for evaluating CAs ourselves in the absence of third-party audits. Note that it may take a few months to complete the policy, and yet more months to do our own evaluations. (And again, there are other CAs that would be ahead of your CA in the queue.)
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
