On 2020-10-06 23:47, Kathleen Wilson wrote:
All,

I've been asked to publish Mozilla's root store in a way that is easy to consume by downstreams, so I have added the following to https://wiki.mozilla.org/CA/Included_Certificates

CCADB Data Usage Terms
<https://www.ccadb.org/rootstores/usage#ccadb-data-usage-terms>

PEM of Root Certificates in Mozilla's Root Store with the Websites (TLS/SSL) Trust Bit Enabled (CSV) <https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEM?TrustBitsInclude=Websites>

PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME) Trust Bit Enabled (CSV) <https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEM?TrustBitsInclude=Email>


Please let me know if you have feedback or recommendations about this.


Please note that at least the first CSV download is not really a CSV file, as there are line feeds within each "PEM" value, and only one column. It would probably be more useful as a simple concatenated PEM file, as used by various software packages as a root store input format.

I have also noted that at least one downstream root store (Debian) takes
all Mozilla-trusted certificates and labels them as simply "mozilla/cert-public-name", even though more useful naming can be extracted from the last (most complete) report, after finding a non-gui tool that can actually parse CSV files with embedded newlines in string values.




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to