steven36 Posted July 3, 2018 Share Posted July 3, 2018 Mozilla announced on Monday that its Root Store Policy for Certificate Authorities (CAs) has been updated to version 2.6. The Root Store Policy governs CAs trusted by Firefox, Thunderbird and other Mozilla-related software. The latest version of the policy, discussed by the Mozilla community over a period of several months, went into effect on July 1. The new Root Store Policy includes nearly two dozen changes and some of the more important ones have been summarized in a blog post by Wayne Thayer, CA Program Manager at Mozilla. Version 2.6 of the Root Store Policy requires CAs to clearly disclose email address validation methods in their certificate policy (CP) and certification practice statement (CPS). The CP/CPS must also clearly specify IP address validation methods, which have now been banned in specific circumstances. CAs need to periodically obtain certain audits for their root and intermediate certificates in order to remain in the root store. Mozilla now requires auditors to provide reports written in English. The new policy also states that starting with January 1, 2019, CAs will be required to create separate intermediate certificates for S/MIME and SSL certificates. “Newly issued Intermediate certificates will need to be restricted with an EKU extension that doesn’t contain anyPolicy, or both serverAuth and emailProtection. Intermediate certificates issued prior to 2019 that do not comply with this requirement may continue to be used to issue new end-entity certificates,” Thayer explained. Another new requirement is that root certificates must have complied with the Mozilla Root Store Policy from the moment they were created. “This effectively means that roots in existence prior to 2014 that did not receive BR audits after 2013 are not eligible for inclusion in Mozilla’s program. Roots with documented BR violations may also be excluded from Mozilla’s root store under this policy,” Thayer said. Mozilla takes digital certificate management very seriously. Last year it announced taking action against Chinese certificate authority WoSign and its subsidiary StartCom as a result of over a dozen incidents. It also targeted Symantec after the company and its partners were involved in several incidents involving mississued TLS certificates, and later raised concerns over DigiCert’s acquisition of Symantec’s CA business. More at Mozilla Source Link to comment Share on other sites More sharing options...
Archanus Posted July 3, 2018 Share Posted July 3, 2018 I really like that browser But the matter is that it doesn't have the personalization like chrome Link to comment Share on other sites More sharing options...
plb4333 Posted July 6, 2018 Share Posted July 6, 2018 On 7/3/2018 at 3:40 PM, Archanus said: I really like that browser But the matter is that it doesn't have the personalization like chrome How much personalization do you need? Firefox has THEMES, & ADDONS that are even more numerous than Chrome's Extensions..Plus it has About:config that allows a user to make changes to the browser's running profile covering everything. Security, networking, timings, media, audio protocols, and many many more. Link to comment Share on other sites More sharing options...
dcs18 Posted July 8, 2018 Share Posted July 8, 2018 On 7/4/2018 at 4:10 AM, Archanus said: I really like that browser But the matter is that it doesn't have the personalization like chrome Are you sure about that — would be interesting to see your screenshots of a couple of points in personalization from Chrome that cannot be obtained on Firefox? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.