CA/Additional Trust Changes: Difference between revisions

CA/Additional Trust Changes (view source)

886 bytes removed , 31 January 2018

Deleted the StartCom section, because all of the StartCom root certs have been removed from Mozilla's CA program.

Confirmed users, Administrators

5,526

edits

@@ Line 18: / Line 18: @@
 The French Government CA is name-constrained to those ccTLDs whose geographies are under the jurisdiction of France - that is, .fr, .gp, .gf, .mq, .re, .yt, .pm, .bl, .mf, .wf, .pf, .nc, and .tf. The code for that [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certdb/genname.c#l1595 is in NSS].
-==StartCom==
-Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1311832 currently recommends] not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots:
-# CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
-# CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
-This restriction has been implemented in both [https://hg.mozilla.org/mozilla-central/annotate/facaf90aeaaf/security/certverifier/NSSCertDBTrustDomain.cpp#l740 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.), and in addition, [https://hg.mozilla.org/projects/nss/annotate/1feb89a254de/lib/certhigh/certvfy.c#l492 in the NSS library code], which is used by applications that use the NSS certificate verification APIs.
 ==Kamu SM==