Avatar for Username

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Learn More

Αυτό το νήμα αρχειοθετήθηκε. Παρακαλούμε κάντε νέα ερώτηση αν χρειάζεστε βοήθεια.

How does Mozilla (Firefox) check wheter a Root certificate within its storage is trustworthy?

  • 2 απαντήσεις
  • 1 έχει αυτό το πρόβλημα
  • 6 προβολές
  • Τελευταία απάντηση από etienno

etienno
etienno
more options

I've read the following article: http://zitseng.com/archives/7489

The article states about government (root) certificates being installed on Mac's.

Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate..

The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

I've read the following article: http://zitseng.com/archives/7489 The article states about government (root) certificates being installed on Mac's. Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate.. The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

Όλες οι απαντήσεις (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See:

Mozilla CA Certificate Maintenance Policy (Version 2.2):

etienno
etienno Ιδιοκτήτης ερώτησης
more options

I've read the maintenance policy.

So far I seem to have the following understanding: there is no check whether an issuer is trustworthy, they just check whether they issue valid certificates (according to Mozilla) and revoke them upon certain events.

At the matter of privacy that seems to be a clear issue, with governments having the possibility of issuing certificates and intercepting traffic. This gives them a possibility for executing a MITM, doesn't it?