Hi Ivan, Thank you for your message.
As far as I am aware, the Mozilla Root Store Policy (MRSP) did not previously include an explicit “non-discrimination” clause, so nothing has been removed in that regard. However, item 6 in section 2.1 of the MRSP continues to require that CAs operate according to published criteria that we deem acceptable. While we don’t directly control the actions of CAs, we do evaluate their practices to ensure they align with Mozilla’s values and expectations for fairness and trustworthiness. If you're willing to share the name of the CA and any relevant correspondence, we can take a closer look at the circumstances and assess whether further follow-up is appropriate. Best regards, Ben Wilson Mozilla Root Program On Fri, Aug 1, 2025 at 10:17 AM 'Ivan' via [email protected] < [email protected]> wrote: > Hello, > I am writing to seek clarification on the interpretation of the Mozilla > Root Store Policy. > > In reviewing the latest version, I noted that the explicit > "Non-discrimination" clause, present in previous versions, has been > removed. This change raises a question about the current standards for CA > conduct under the policy. Specifically, this relates to Section 2.1, CA > Operations which requires CAs to operate under "published criteria that we > deem acceptable" > > To provide a concrete example, a Mozilla-trusted CA based in Poland > recently denied my application for a standard S/MIME certificate. The sole > reason provided for this refusal was my Belarusian nationality. This action > was taken despite my status as a long-term legal resident of the Poland. > For clarity, I am not on any sanctions list, and the CA has no legal > obligation to deny service on this basis. > > Given the absence of the specific non-discrimination clause, my question > is: How does Mozilla now assess the "acceptability" of a CA's operational > criteria when it results in a categorical denial of service based on > nationality, particularly when no legal requirements compel such a decision? > > Thank you for your time and clarification. > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b744c853-ffcf-4b2d-9914-3386f51e8fb5n%40mozilla.org > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b744c853-ffcf-4b2d-9914-3386f51e8fb5n%40mozilla.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZGmWxx_zwha8Uv70%2B620Y1P0ZP1N_7RuHsCu3CoJFoXw%40mail.gmail.com.
