tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Mozilla rootcerts

(Posting again to add another list)

So, AFAIK, the only source of root certificates we have is the
mozilla-rootcerts package.

It uses this list maintained by Mozilla:

Mozilla announced they will distrust Symantec*, but haven't done this by
changing the certdata file. After asking, it turns out they document
additional changes they apply on top:

I am tempted to modify the rootcerts package to distrust any CA needing
more complicated rules than "full trust". As in, manually distrust:
- Kamu SM, Turkish govenrment CA
- ANSSI, French government CA**
- Symantec

Additionally, the list of "Symantec" is very long. At the original post
it included VeriSign. It no longer seems to. I'll need to find an
updated list.

** Having trouble finding this on certdata.txt too.

Home | Main Index | Thread Index | Old Index