Confirm, administrator
5,526
edits
Changes
m
→Distinguishing between a Government CA and other CAs
Is it reasonable to treat a Government CA differently from other CAs?
* What if the Government CA provides the documentation and audits showing that it complies with Mozilla's CA Certificate Policy?
* Why would we trust government A to certify sites in country B?
* Some government CAs don't follow our standard audit processes; such as having an independent, third-party auditor.
* Some government CAs can be very slow at adopting our new policies and requirements.
Government CAs [http://www.mozilla.org/projects/security/certs/included/index.html who are currently included:] (CAs that are owned/operated by the government of a country or region. -- Note, not sure if Izenpe actually falls into this category, but they claim to be a government CA.)
