TeliaSonera, Mozilla and the trusted CA
The Register has reported that Mozilla is considering not granting TeliaSonera’s request to have its new root certificate included in Firefox’s list of trusted Certificate Authorities, so called CAs. A trusted CA can create server certificates to companies who need their sites to be clearly identified as trusted sites, such as internet banks for instance.
Should TeliaSonera not be included in Firefox’s list of trusted CAs, it would mean that companies who have their certificates created by TeliaSonera would not appear as trusted sites for those using the Firefox web browser.
Part of Mozilla’s decision making process is a stakeholder dialogue on the Internet. In this dialogue people have voiced critical opinions on TeliaSonera’s handling of issues regarding freedom of speech and privacy. The criticisms are based on recent reporting about TeliaSonera’s telecommunications business in Eurasia.
Given the on-going discussion we would like to clearify that
- TeliaSonera is engaged with Mozilla in an effort to resolve the issue, which we believe is the result of people wrongly linking inaccurate media reports about the company’s operations in Eurasia to its CA business which is totally unrelated.
- The TeliaSonera CA business is a Nordic operation which is not connected to our business as an operator in Eurasia. TeliaSonera’s CA business creates server certificates for clients in Sweden and Finland.
- The certificates which we create as a trusted CA cannot be misused as we check each request to ensure that the requester owns all domain names listed in the request.
- We are in direct dialogue with Mozilla on this. The stakeholder dialogue is just part of the process of having our new application approved.
- We have six browser vendor agreements for Root inclusion: Microsoft, Mozilla, Opera, Android, Apple and Java.
- All Browser vendors require us to pass a standardized third party Webtrust audit (or similar) every year. Ernst & Young has audited the TeliaSonera CA thus far.