| Line 93: | Line 93: | ||
** A certificate used for to sign code should contain the name of the developer or distributor of the code, and by signing such a certificate a CA is vouching for the fact that the entity referenced in the certificate is the entity that requested the certificate. | ** A certificate used for to sign code should contain the name of the developer or distributor of the code, and by signing such a certificate a CA is vouching for the fact that the entity referenced in the certificate is the entity that requested the certificate. | ||
* A CA is considered to be non-compliant with Mozilla's CA Certificate Policy if the CA | * A CA is considered to be non-compliant with Mozilla's CA Certificate Policy if the CA | ||
** knowingly | ** knowingly issues certificates without the knowledge of the entities whose information is referenced in the certificates; or | ||
** knowingly | ** knowingly issues certificates that appear to be intended for fraudulent use. | ||
* Mozilla will consider removing a root certificate from NSS if | * Mozilla will consider removing a root certificate from NSS if | ||
** The CA is issuing certificates in a manner that is non-compliant with Mozilla's CA Certificate Policy. | ** The CA is issuing certificates in a manner that is non-compliant with Mozilla's CA Certificate Policy. | ||
** The CA is issuing certificates that are being used in MitM attacks. | ** The CA is issuing certificates that are being used in MitM attacks. | ||
* SSL makes tampering visible to its victims. The certificate has to actually make it to the users client application before the user can decide to trust it. | * SSL makes tampering visible to its victims. The certificate has to actually make it to the users client application before the user can decide to trust it. | ||
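Review bot: The two changed bullets under "A CA is considered to be non-compliant" both hinge on "knowingly", while the removal bullet "The CA is issuing certificates that are being used in MitM attacks" carries no knowledge qualifier, so the text should say whether removal in the MitM case depends on the CA's knowledge. The phrase "appear to be intended for fraudulent use" also does not say to whom the intent must appear; suggest naming who makes that judgment. Two unchanged context lines carry typos worth fixing in the same edit: "used for to sign code" should read "used to sign code", and "the users client application" should read "the user's client application".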