Mozilla CA Certificate FAQ (Proposed)

This is a draft document for public discussion. It reflects the personal opinions of the author, and does not necessarily represent the views of staff and the Mozilla Foundation.

Please post comments and questions to the netscape.public.mozilla.crypto newsgroup or the corresponding mozilla-crypto mailing list, or send them to the document author, Frank Hecker.

When distributing Mozilla and related software the Mozilla Foundation includes with such software a default set of X.509v3 certificates for various Certification Authorities (CAs). The certificates included by default are marked as being "trusted" for various purposes, so that Mozilla can use them automatically to verify certificates for SSL servers, S/MIME email users, etc., without having to ask Mozilla users for further permission or information.

This FAQ attempts to answer various questions about the certificates included with Mozilla and the Mozilla Foundation policies relating to them. The FAQ is divided into three sections:

Version 0.4, February 6, 2004. Changed the status of the policy details document to "to be written" until I can revise the document to reflect the current draft policy.

Version 0.3, March 29, 2004. Changed title.