Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

How does Mozilla (Firefox) check wheter a Root certificate within its storage is trustworthy?

  • 2 antwoorden
  • 1 heeft dit probleem
  • 2 weergaven
  • Laatste antwoord van etienno

etienno
etienno
more options

I've read the following article: http://zitseng.com/archives/7489

The article states about government (root) certificates being installed on Mac's.

Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate..

The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

I've read the following article: http://zitseng.com/archives/7489 The article states about government (root) certificates being installed on Mac's. Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate.. The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

Alle antwoorden (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See:

Mozilla CA Certificate Maintenance Policy (Version 2.2):

etienno
etienno Vraageigenaar
more options

I've read the maintenance policy.

So far I seem to have the following understanding: there is no check whether an issuer is trustworthy, they just check whether they issue valid certificates (according to Mozilla) and revoke them upon certain events.

At the matter of privacy that seems to be a clear issue, with governments having the possibility of issuing certificates and intercepting traffic. This gives them a possibility for executing a MITM, doesn't it?