How does Mozilla (Firefox) check wheter a Root certificate within its storage is trustworthy?
I've read the following article: http://zitseng.com/archives/7489
The article states about government (root) certificates being installed on Mac's.
Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate..
The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..
所有回复 (2)
See:
Mozilla CA Certificate Maintenance Policy (Version 2.2):
I've read the maintenance policy.
So far I seem to have the following understanding: there is no check whether an issuer is trustworthy, they just check whether they issue valid certificates (according to Mozilla) and revoke them upon certain events.
At the matter of privacy that seems to be a clear issue, with governments having the possibility of issuing certificates and intercepting traffic. This gives them a possibility for executing a MITM, doesn't it?