Many times applications ship a CA certificates bundle with the product. Many times they are derived or extracted from the certdata.txt [1] file or simply exported from the browser.
Since sometimes there are some licensing concerns with the certdata.txt file, I wanted to know exactly what one is allowed to do. If for example by merely extracting the CA certificates with a tool like http://curl.haxx.se/lxr/source/lib/mk-ca-bundle.pl still requires the resulting CA bundle to be bound to the tri-license of Mozilla? Or can I simply extract all CA certificates from the browser by exporting them? Obviously the CA certificates themselves aren't property of Mozilla, but of the CAs, I wonder if the certdata.txt and/or and extraction from it changes anything. Does Mozilla in one of the cases still retain the copyrights? Can a waver be granted for this specific file? I simply don't know the answer, but try to help another project solve an issue with this, which affects many other applications. Thanks! [1] http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
