Confirmed users, Administrators
5,526
edits
CA/FAQ: Difference between revisions
Jump to navigation
Jump to search
m
Updated due to MDSP migration
m (cleanup) |
m (Updated due to MDSP migration) |
||
| Line 85: | Line 85: | ||
=== Who decides which CA certificates to include in Mozilla products? === | === Who decides which CA certificates to include in Mozilla products? === | ||
For a CA's root certificate to be considered for inclusion in Mozilla products, the CA makes a formal request by filing a bug in [[CA/Application_Instructions| Mozilla's Bugzilla system]]. Then the owners or peers of Mozilla's [[Modules/All#CA_Certificates| CA Certificates Module]] evaluate the information provided by the CA and conduct a public discussion in the [https:// | For a CA's root certificate to be considered for inclusion in Mozilla products, the CA makes a formal request by filing a bug in [[CA/Application_Instructions| Mozilla's Bugzilla system]]. Then the owners or peers of Mozilla's [[Modules/All#CA_Certificates| CA Certificates Module]] evaluate the information provided by the CA and conduct a public discussion in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy MDSP mailing list] regarding the request. After considering the information that the CA has presented and the recommendations of the Mozilla community, the module owners or peers determine if the root certificate should be included in Mozilla software products and which trust bits should be set on them. | ||
=== How does a CA certificate get included in Mozilla products? === | === How does a CA certificate get included in Mozilla products? === | ||
| Line 106: | Line 106: | ||
=== How can I impact Mozilla's default set of CA certificates? === | === How can I impact Mozilla's default set of CA certificates? === | ||
You may influence the decisions about [[CA/Dashboard|root inclusion requests]] by contributing to the discussions in the [https:// | You may influence the decisions about [[CA/Dashboard|root inclusion requests]] by contributing to the discussions in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy MDSP mailing list]. | ||
=== Why does SSL handshake fail due to missing intermediate certificate? === | === Why does SSL handshake fail due to missing intermediate certificate? === | ||
| Line 118: | Line 118: | ||
Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own. On a best-efforts basis, Mozilla maintains [[CA/Additional_Trust_Changes|a list of the additional things]] users of our store might need to consider. | Therefore, anyone considering bundling Mozilla's root store with other software needs to be aware of the issues surrounding providing a root store, and committed to making sure that they maintain security for their users by carefully observing Mozilla's actions and taking appropriate steps of their own. On a best-efforts basis, Mozilla maintains [[CA/Additional_Trust_Changes|a list of the additional things]] users of our store might need to consider. | ||
For additional context see the [https://groups.google.com/ | For additional context see the discussion in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy MDSP mailing list]. | ||
'''Important''': Consumers of this root store must consider the trust bit settings for each included root certificate. | '''Important''': Consumers of this root store must consider the trust bit settings for each included root certificate. | ||