On 2020-10-06 23:47, Kathleen Wilson wrote:
All,
I've been asked to publish Mozilla's root store in a way that is easy to
consume by downstreams, so I have added the following to
https://wiki.mozilla.org/CA/Included_Certificates
CCADB Data Usage Terms
<https://www.ccadb.org/rootstores/usage#ccadb-data-usage-terms>
PEM of Root Certificates in Mozilla's Root Store with the Websites
(TLS/SSL) Trust Bit Enabled (CSV)
<https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEM?TrustBitsInclude=Websites>
PEM of Root Certificates in Mozilla's Root Store with the Email (S/MIME)
Trust Bit Enabled (CSV)
<https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEM?TrustBitsInclude=Email>
Please let me know if you have feedback or recommendations about this.
Please note that at least the first CSV download is not really a CSV
file, as there are line feeds within each "PEM" value, and only one
column. It would probably be more useful as a simple concatenated PEM
file, as used by various software packages as a root store input format.
I have also noted that at least one downstream root store (Debian) takes
all Mozilla-trusted certificates and labels them as simply
"mozilla/cert-public-name", even though more useful naming can be
extracted from the last (most complete) report, after finding a non-gui
tool that can actually parse CSV files with embedded newlines in string
values.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
