Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

How does Mozilla (Firefox) check wheter a Root certificate within its storage is trustworthy?

  • 2 답장
  • 1 이 문제를 만남
  • 1 보기
  • 최종 답변자: etienno

more options

I've read the following article: http://zitseng.com/archives/7489

The article states about government (root) certificates being installed on Mac's.

Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate..

The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

I've read the following article: http://zitseng.com/archives/7489 The article states about government (root) certificates being installed on Mac's. Since Firefox is all about privacy, I'm wondering why it's possible that Firefox also gets shipped with some of the certificates listed. I have to admit not liking the idea of, for example, the Chinese government (China Internet Network Information Center) slotting into my internet traffic with a self-signed certificate.. The general question in case here is: what does Mozilla require to mark a certificate as trustworthy? Discussing the matter of privacy, any (Chinese/US) government certificate being valid doesn't really support that, reputation wise..

모든 댓글 (2)

more options
more options

I've read the maintenance policy.

So far I seem to have the following understanding: there is no check whether an issuer is trustworthy, they just check whether they issue valid certificates (according to Mozilla) and revoke them upon certain events.

At the matter of privacy that seems to be a clear issue, with governments having the possibility of issuing certificates and intercepting traffic. This gives them a possibility for executing a MITM, doesn't it?