CA/Root Inclusion Considerations: Difference between revisions

CA/Root Inclusion Considerations (view source)

52 bytes added , 8 February 2023

m

incorporating feedback

Confirmed users, Administrators

5,526

edits

@@ Line 40: / Line 40: @@
 ** has a score less than 50 on the [https://www.transparency.org/en/cpi Corruption Perceptions Index]
 * The CA is (or the CA's owning entities are) associated with a government that has or is forcing end-users to install a government-issued root certificate on their devices, or the government has used certificates issued by the CA to intercept network communications.
-* The CA is (or the CA's owning entities are) owned or funded by an individual or government organization that is known to also own or fund a vendor that has provided software being used for network surveillance or cyber espionage to obtain information about people or organizations in a way that endangers the privacy or device security of people or organizations.
+* The CA is (or the CA's owning entities are) owned or funded by an individual or government organization that is known to also own or fund a vendor that has provided software being used for network surveillance or cyber espionage to obtain private information about people or organizations without their knowledge or permission in a way that endangers the privacy or device security of those people or organizations.
 * The CA uses a shell company, an acquisition, or other misdirection to divert attention away from their relationship with another organization or government.