Confirm, administrator
5,526
edits
Changes
→What Inclusion of a CA in Mozilla's Program Means
What statements can be made about CAs in Mozilla's program?
* Certificates are used in three primary functions within Mozilla and related software:
** When a user connects to an SSL-enabled web server or other SSL-enabled servers.
** When a user reads digitally signed email from another user.
** A certificate used for secure email contains the email address of the person or organization that controls the corresponding email account, and by signing such a certificate a CA is vouching for the fact that the entity owns or controls the email address contained within the certificate.
** A certificate used for to sign code should contain the name of the developer or distributor of the code, and by signing such a certificate a CA is vouching for the fact that the entity referenced in the certificate is the entity that requested the certificate.
* Inclusion of a CA in Mozilla's Program means that Mozilla has:
** verified that the CA's practices and policies are documented on their public-facing website,
** verified that the CA's practices and policies have been audited by an independent, qualified auditor,
** verified, that to the best of our knowledge, the CA is compliant with Mozilla' CA Certificate Policy.
* A CA is considered to be non-compliant with Mozilla's CA Certificate Policy if the CA
** knowingly issues certificates without the knowledge of the entities whose information is referenced in the certificates; or
