Mozilla Certificate FAQ (Proposed)

Version 0.2, February 9, 2004. Further emphasized that this represents personal opinions only at this time.

This is a draft document for public discussion. It reflects the personal opinions of the author, and does not necessarily represent the views of mozilla.org staff and the Mozilla Foundation.

Please post comments and questions to the netscape.public.mozilla.crypto newsgroup or the corresponding mozilla-crypto mailing list, or send them to the document author, Frank Hecker.

When distributing Mozilla and related software the Mozilla Foundation includes with such software a default certificate database containing X.509v3 certificates for various Certification Authorities (CAs). The certificates are marked in the database as being "trusted" for various purposes, so that Mozilla can use them automatically to verify certificates for SSL servers, S/MIME email users, etc., without having to ask Mozilla users for further permission or information.

This FAQ attempts to answer various questions about the certificates included with Mozilla and the Mozilla Foundation policies relating to them. The FAQ is divided into three sections: