Confirmed users, Administrators
5,526
edits
CA/Root Inclusion Considerations: Difference between revisions
Jump to navigation
Jump to search
m
CA/Root Inclusion Considerations (view source)
Revision as of 20:27, 8 February 2023
, 8 February 2023incorporating feedback
(incorporating feedback) |
m (incorporating feedback) |
||
| Line 14: | Line 14: | ||
For the following circumstances, Mozilla should deny the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store, then Mozilla should remove those root certificates or set them to be distrusted after a specified date. | For the following circumstances, Mozilla should deny the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store, then Mozilla should remove those root certificates or set them to be distrusted after a specified date. | ||
* There is [https://www.merriam-webster.com/legal/reasonable%20suspicion Reasonable suspicion] that the CA is closely tied, through ownership or operation, to a company engaged in any of the following: | * There is [https://www.merriam-webster.com/legal/reasonable%20suspicion Reasonable suspicion] that the CA is closely tied, through ownership or operation, to a company engaged in any of the following: | ||
** the distribution of malware or spyware; | ** the distribution of [https://en.wikipedia.org/wiki/Malware malware] or [https://en.wikipedia.org/wiki/Spyware spyware]; | ||
** [https://en.wikipedia.org/wiki/Computer_and_network_surveillance#Network_surveillance network surveillance] that intercepts/manipulates traffic or collects private information about a person or organization and sends it to another entity without the permission of the person or organization, or in a way that endangers the privacy or device security of the person or organization; or | ** [https://en.wikipedia.org/wiki/Computer_and_network_surveillance#Network_surveillance network surveillance] that intercepts/manipulates traffic or collects private information about a person or organization and sends it to another entity without the permission of the person or organization, or in a way that endangers the privacy or device security of the person or organization; or | ||
** [https://en.wikipedia.org/wiki/Cyber_spying cyber espionage] that aims to obtain private information from a person or organization without the knowledge or permission of the person or organization for personal, economic, political or military advantage. | ** [https://en.wikipedia.org/wiki/Cyber_spying cyber espionage] that aims to obtain private information from a person or organization without the knowledge or permission of the person or organization for personal, economic, political or military advantage. | ||