Mozilla has sent a Communication to the Certification Authorities (CAs) who have root certificates included in Mozilla’s program. Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of applications.
- Confirm that they are the current Primary POC, or give alternative details;
- Confirm that Mozilla has the correct link to their most recent Baseline Requirements audit statement;
- Update us on their progress in eliminating use of SHA-1 as a certificate signature algorithm;
- Inform us whether they are still issuing certificates with certain problems identified when we moved to mozilla::pkix; and
- Tell us about their support for IPv6.
With this CA Communication, we re-iterate that participation in Mozilla’s CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve.
Mozilla Security Team