Avatar for Username

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

ეს თემა დაარქივებულია. დასვით ახალი კითხვა, თუ დახმარება გესაჭიროებათ.

How does Mozilla (Firefox) check wheter a Root certificate within its storage is trustworthy?

  • 2 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 2 ნახვა
  • ბოლოს გამოეხმაურა etienno

etienno
etienno
more options

I've read the following article: http://zitseng.com/archives/7489

The article states about government (root) certificates being installed on Mac's.

Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate..

The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

I've read the following article: http://zitseng.com/archives/7489 The article states about government (root) certificates being installed on Mac's. Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate.. The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

ყველა პასუხი (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See:

Mozilla CA Certificate Maintenance Policy (Version 2.2):

etienno
etienno კითხვის დამსმელი
more options

I've read the maintenance policy.

So far I seem to have the following understanding: there is no check whether an issuer is trustworthy, they just check whether they issue valid certificates (according to Mozilla) and revoke them upon certain events.

At the matter of privacy that seems to be a clear issue, with governments having the possibility of issuing certificates and intercepting traffic. This gives them a possibility for executing a MITM, doesn't it?