Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA/Additional Trust Changes: Difference between revisions
Jump to navigation
Jump to search
Add StartCom and WoSign
(Add ANSSI and EV info) |
(Add StartCom and WoSign) |
||
| Line 14: | Line 14: | ||
The French Government CA is name-constrained to those ccTLDs whose geographies are under the jurisdiction of France - that is, .fr, .gp, .gf, .mq, .re, .yt, .pm, .bl, .mf, .wf, .pf, .nc, and .tf. The code for that [https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/certdb/genname.c#1588 is in NSS]. | The French Government CA is name-constrained to those ccTLDs whose geographies are under the jurisdiction of France - that is, .fr, .gp, .gf, .mq, .re, .yt, .pm, .bl, .mf, .wf, .pf, .nc, and .tf. The code for that [https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/certdb/genname.c#1588 is in NSS]. | ||
==StartCom== | |||
Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1311832 currently recommends] not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots: | |||
# CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL | |||
# CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL | |||
The code implementing this restriction is [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/NSSCertDBTrustDomain.cpp#737 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.). | |||
==WoSign== | |||
Mozilla [https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 currently recommends] not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots: | |||
# CN=CA 沃通根证书, OU=null, O=WoSign CA Limited, C=CN | |||
# CN=Certification Authority of WoSign, OU=null, O=WoSign CA Limited, C=CN | |||
# CN=Certification Authority of WoSign G2, OU=null, O=WoSign CA Limited, C=CN | |||
# CN=CA WoSign ECC Root, OU=null, O=WoSign CA Limited, C=CN | |||
The code implementing this restriction is [https://dxr.mozilla.org/mozilla-central/source/security/certverifier/NSSCertDBTrustDomain.cpp#737 in the Mozilla platform security code (PSM)], which is shared by the Mozilla applications (Firefox, Thunderbird, etc.). | |||