Mozilla Demands Security Checks from CAs

Friday Sep 9th 2011 by Staff

In the wake of the DigiNotar hack, Firefox may stop accepting security certificates from certificate authorities that can't prove they are secure.

InfoWorld: In response to the DigiNotar hack, which resulted in the issuance of fake Google SSL certificates, the Mozilla Foundation is requiring all certificate authorities (CAs) to complete unprecedented security requirements. Mozilla, which maintains the Firefox Web browser, has given the 600+ CAs eight days to audit their infrastructure, note their dependencies on other CAs, require two-factor authentication, make it more difficult to make changes to high-profile websites, and require their suppliers to do the same. Those that don't may find themselves "untrusted" by Firefox and Mozilla's other software.

"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," said Mozilla's Kathleen Wilson.

The company is already denying access to any sites that use DigiNotar certificates.
