Mozilla Demands Security Checks from CAs

In the wake of the DigiNotar hack, Firefox may stop accepting security certificates from certificate authorities that can't prove they are secure.

InfoWorld: In response to the DigiNotar hack, which resulted in the issuance of fake Google SSL certificates, the Mozilla Foundation is requiring all certificate authorities (CAs) to complete unprecedented security requirements. Mozilla, which maintains the Firefox Web browser, has given the 600+ CAs eight days to audit their infrastructure, note their dependencies on other CAs, require two-factor authentication, make it more difficult to make changes to high-profile websites, and require their suppliers to do the same. Those that don't may find themselves "untrusted" by Firefox and Mozilla's other software.

"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," said Mozilla's Kathleen Wilson.

The company is already denying access to any sites that use DigiNotar certificates.

Tags: security, Mozilla
