Does Mozilla/NSS have a policy for adding "Intermediate Certification Authorities"? In particular, I am interested in the "Starfield Secure Certification Authority", owned by "Starfield Technologies, Inc." (a.k.a. GoDaddy). I am not associated with them in any way other than being a satisfied customer for a few years. They are extremely popular for domain registrations (#1 in new transactions, #2 after Network Solutions in total market share - see RegistrarStats.com), and they now offer low-cost SSL certificates. I expect these will become very popular as well in the near future if they aren't already.
They are certified by WebTrust (description below). In addition, they are already included in Microsoft Internet Explorer, which makes a strong argument for including them in Mozilla. In order for Firefox to gain widespread acceptance, it is important for web sites that "just work" in Internet Explorer to also work in Firefox, without any user intervention. Any web sites that work in IE but appear to be broken in Firefox (even if "broken" simply means a dialog box pops up saying the site isn't trusted) will deter users from switching their browser.
In the IE Certificates window, there is a tab for "Intermediate Certification Authorities". There are currently 18 (at least on my system) CAs listed here, including Starfield and several other providers (6 are for Microsoft themselves). There is no similar tab in the Firefox Certificate Manager, so perhaps this functionality would need to be added first, presenting additional complications.
Here is the description I found at WebTrust: http://www.webtrust.org/abtseals.htm
> Starfield Technologies, Inc. > GoDaddy.com (www.godaddy.com) is the flagship ICANN-accredited domain > name registrar for The Go Daddy Group, Inc, which serves over 2 > million customers worldwide. The Go Daddy Group family of companies > enables individuals and businesses to acquire, create and safeguard > their unique identities and brands on the Internet. GoDaddy's > Certification Authority, the Starfield Secure Certification Authority, > provides a range of highly trusted, 128-bit SSL certificates at > low-cost with 24/7 customer support. The Go Daddy Group also includes > membership-based registrar Blue Razor Domains, Inc; Wild West Domains, > Inc., reseller support organization; Domains By Proxy, Inc., which > provides private domain registration services; and Starfield > Technologies, Inc., which serves as the Group's research and > development arm.
Here is a link to the Starfield Technologies, Inc. Repository, which contains their Intermediate Certificate, and the Root Certificate for their provider, ValiCert:
https://certificates.starfieldtech.com/Repository.go
Please let me know if I should open a corresponding Bugzilla request.
Thanks for considering this issue!
Alan _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
