Congratulations to Mozilla and its Firefox team! Here is a ZDNet article [1] from today:
“Germany's cyber-security agency [BSI] recommends Firefox as most secure browser” “Germany's BSI tested Firefox, Chrome, IE, and Edge. Firefox was only browser to pass all minimum requirements for mandatory security features” BSI (translated as the Federal Office for Information Security) is “the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories.” [2] BSI found that Firefox is the *only* browser to support *all* of the BSI requirements for a secure browser. Here is what the ZDNet article says about EV certificates: According to the BSI's new guide, to be considered "secure," a modern browser must satisfy these minimum requirements: *** - *Must support extended validation (EV) certificates* Here is what Sec. 2.1b) of the full BSI report says: The web browser MUST meet the following requirements for certificates and their verification: — A list of certificates of trusted certificate issuers (CA Certificates) MUST be provided. — Certificates with domain-based validation (Domain Validated-Zertrifikate, DV), with Organization-based validation (Organizational-Validated-Zertifikate, OV) and certificates with Extended Validation Certificates MUST be supported. I hope the Mozilla community will celebrate this honor, but will also reconsider its proposal to drop support for EV certificates – that would mean that Firefox no longer meets all BSI requirements for a secure browser. [1] https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/ [2] https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
