| Line 84: | Line 84: | ||
What statements can be made about CAs in Mozilla's program? | What statements can be made about CAs in Mozilla's program? | ||
* Certificates are used in three primary functions within Mozilla | * Certificates are used in three primary functions within Mozilla software: | ||
** When a user connects to an SSL-enabled web server or other SSL-enabled servers. | ** When a user connects to an SSL-enabled web server or other SSL-enabled servers. | ||
** When a user reads digitally signed email from another user. | ** When a user reads digitally signed email from another user. | ||
| Line 92: | Line 92: | ||
** A certificate used for secure email contains the email address of the person or organization that controls the corresponding email account, and by signing such a certificate a CA is vouching for the fact that the entity owns or controls the email address contained within the certificate. | ** A certificate used for secure email contains the email address of the person or organization that controls the corresponding email account, and by signing such a certificate a CA is vouching for the fact that the entity owns or controls the email address contained within the certificate. | ||
** A certificate used for to sign code should contain the name of the developer or distributor of the code, and by signing such a certificate a CA is vouching for the fact that the entity referenced in the certificate is the entity that requested the certificate. | ** A certificate used for to sign code should contain the name of the developer or distributor of the code, and by signing such a certificate a CA is vouching for the fact that the entity referenced in the certificate is the entity that requested the certificate. | ||
* Inclusion of a CA in Mozilla's Program means that Mozilla has: | |||
** verified that the CA's practices and policies are documented on their public-facing website, | |||
** verified that the CA's practices and policies have been audited by an independent, qualified auditor, | |||
** verified, that to the best of our knowledge, the CA is compliant with Mozilla' CA Certificate Policy. | |||
* A CA is considered to be non-compliant with Mozilla's CA Certificate Policy if the CA | * A CA is considered to be non-compliant with Mozilla's CA Certificate Policy if the CA | ||
** knowingly issues certificates without the knowledge of the entities whose information is referenced in the certificates; or | ** knowingly issues certificates without the knowledge of the entities whose information is referenced in the certificates; or | ||
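Review bot: the removed block "Inclusion of a CA in Mozilla's Program means that Mozilla has:" and its three sub-bullets were the only lines in the visible list that said what inclusion affirmatively implies (practices documented publicly, audited by an independent qualified auditor, compliant with the policy to the best of Mozilla's knowledge). With them gone, the list moves directly from what a CA vouches for in each certificate type to the non-compliance criteria. If the deletion is intended, the edit summary should say why, or where that statement now lives, because readers use it to judge what trust in an included CA rests on. Separately, the unchanged context line "A certificate used for to sign code" has a stray "for" that could be corrected in the same revision.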