CA:FAQ: Difference between revisions

358 bytes added, 21 October 2014
Updated with the text Gerv suggested.
(add "Can I use Mozilla's set of CA certificates?")
(Updated with the text Gerv suggested.)
Line 126: Line 126:
=== Can I use Mozilla's set of CA certificates? ===
=== Can I use Mozilla's set of CA certificates? ===


The decisions Mozilla makes with regards to the inclusion of CA certificates is directly tied to the capabilities and behaviors of the software Mozilla distributes. It would therefore be irresponsible to bundle Mozilla's set of CA certificates with other software.
The decisions Mozilla makes with regards to the inclusion or exclusion of CA certificates in its root store are directly tied to the capabilities and behaviours of the software Mozilla distributes. Sometimes, a security change is made wholly or partly in the software instead of the root store. Further, Mozilla does not promise to take into account the needs of other users of its root store when making such decisions.


For additional context on why reuse would be a bad idea see https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/2KYQrWirsiQJ by Ryan Sleevi and https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/jFAWDvy5zE4J by Brian Smith.
Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own.
 
For additional context see the [https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/2KYQrWirsiQJ discussion in mozilla.dev.security policy].
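
Review bot: the new "Therefore, anyone considering bundling..." paragraph asks bundlers to take "appropriate steps of their own" but never states the consequence of the sentence added just before it, "Sometimes, a security change is made wholly or partly in the software instead of the root store". Consider saying outright that a copy of the certificate list alone does not carry those software-side changes, since that is the point a third-party consumer most needs. Two smaller items in the last line: the link label reads "mozilla.dev.security policy", while the group name in the URL is mozilla.dev.security.policy, and the revision drops the second link (jFAWDvy5zE4J) together with both author attributions, so it is worth confirming that removal is intended. "With regards to" would also read better as "with regard to".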