top | item 9093494

(no title)

sharvil | 11 years ago

Most of the certs listed in the blog post are in Mozilla's trust store[1] and in Windows trust store[2] as well.

[1] https://www.mozilla.org/en-US/about/governance/policies/secu...

[2] (PDF) http://download.microsoft.com/download/1/5/7/157B29AB-F890-4...

discuss

TazeTSchnitzel|11 years ago

Yep. From a Ctrl+F of [1], there's:

* ApplicationCA (Japan)

* China Internet Network Information Center EV Certificates Root (China)

From a Ctrl+F of [2], there's:

* ApplicationCA (Japan)

* FPKI Common Policy (US)

* China Internet Network Information Center EV Certificates Root (China)

The only odd one out seems to be DoD Root CA 2.

ttflee|11 years ago

To my best knowledge, activists from China did plead to remove CNNIC (China Internet Network Information Center) root cert from Mozilla Firefox but failed.

That cert was added as

https://bugzilla.mozilla.org/show_bug.cgi?id=476766

and the plea for removal

https://bugzilla.mozilla.org/show_bug.cgi?id=542689

Till now, CNNIC CA cert is part of builtin authority bundled in Firefox.

CNNIC was a controversial organization not only because of its govn't background but also its involvement with an infamous malware years ago.

And I cannot get access to bugzilla.mozilla.org without using a secure proxy from China as 'Server aborted the SSL handshake'.