Confirm, administrator
5,526
edits
Changes
→Concerns about Government CAs
== Concerns about Government CAs ==
Concern has been repeatedly raised about Government CAs having root certificates included in Mozilla products. Concerns and suggestions that have been raised include:
* Distrust of Government
** Government interference with internet activitiesof their citizens.** Government participation in spying on people on the internet.** Previous instances of the government having initiated (or taken the blame for) malware including virus, worms, MITM attacks.
* Hostile jurisdiction compelled certificate creation attack
** Some CAs have been asked to update their CP/CPS to address concerns about being compelled by third parties to inappropriately issue an intermediate or end-entity certificate. Current recommendation from the discussions appears to be to provide information about which regulatory and legal framework/jurisdiction the CA is primarily beholden to; and add a statement that the CA will duly verify that an order from a government or other such organization is lawful before executing the order.
