{"id":1744,"date":"2014-08-20T10:35:01","date_gmt":"2014-08-20T17:35:01","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=1744"},"modified":"2016-09-30T02:51:56","modified_gmt":"2016-09-30T09:51:56","slug":"mozillapkix-ships-in-firefox","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/","title":{"rendered":"mozilla::pkix ships in Firefox!"},"content":{"rendered":"<p>In April, we announced an upcoming certificate verification library designed from the ground up to be fast and secure. A few weeks ago, this new library &#8211; known as &#8220;mozilla::pkix&#8221; &#8211; shipped with Firefox and is enabled by default. Please see the <a title=\"Exciting Updates to Certificate Verification in Gecko\" href=\"http:\/\/blog.mozilla.org\/security\/2014\/04\/24\/exciting-updates-to-certificate-verification-in-gecko\/\">original announcement<\/a> for more details.<br \/>\nAlong with using more verifiably secure coding practices, we took the opportunity to closely adhere to the X.509 certificate verification specifications for the Internet. For example, we prevent certificates from being misused in ways that legacy libraries often do not. This protects user data and promotes an overall more secure Web.<br \/>\nHowever, this sometimes comes at a compatibility cost. Some certificates issued by certificate authorities not in Mozilla&#8217;s Root CA program may no longer work in the same way. We are currently evaluating how we can best balance security with usability with regard to these certificates.<br \/>\nIf you encounter compatibility issues, please read the <a title=\"X509 Certificate Primer\" href=\"https:\/\/wiki.mozilla.org\/SecurityEngineering\/x509Certs\" target=\"_blank\">Certificate Primer<\/a> which contains information for creating a compatible certificate hierarchy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In April, we announced an upcoming certificate verification library designed from the ground up to be fast and secure. A few weeks ago, this new library &#8211; known as &#8220;mozilla::pkix&#8221; &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/\">Read more<\/a><\/p>\n","protected":false},"author":525,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,45499],"tags":[],"coauthors":[45543],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>mozilla::pkix ships in Firefox! - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dana Keeler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/\",\"name\":\"mozilla::pkix ships in Firefox! - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2014-08-20T17:35:01+00:00\",\"dateModified\":\"2016-09-30T09:51:56+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"mozilla::pkix ships in Firefox!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736\",\"name\":\"Dana Keeler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8a8a12f35e73f4f9942eb18d86c4828b\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g\",\"caption\":\"Dana Keeler\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"mozilla::pkix ships in Firefox! - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/","twitter_misc":{"Written by":"Dana Keeler","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/","url":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/","name":"mozilla::pkix ships in Firefox! - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2014-08-20T17:35:01+00:00","dateModified":"2016-09-30T09:51:56+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2014\/08\/20\/mozillapkix-ships-in-firefox\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"mozilla::pkix ships in Firefox!"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/ceb71f5b00305c4b5fd2028deb101736","name":"Dana Keeler","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/8a8a12f35e73f4f9942eb18d86c4828b","url":"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72636a193847f1a9c45521d07eb0dc6e?s=96&d=identicon&r=g","caption":"Dana Keeler"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1744"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/525"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=1744"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1744\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=1744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=1744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=1744"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=1744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}