Mozilla is reviewing a final draft of its baseline policies to address problems in the way that web certificates are issued.
Mozilla wants Certificate Authorities (CAs) that issue web certificates to adopt a standard dubbed the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, which is published by the Certificate and Browser Forum and is still in final draft.
Mozilla consultant Kathleen Wilson said on a development forum that from 30 June, Mozilla software will refuse certificates signed with the troubled MD5 hash algorithm for intermediate and end-entity CAs, and "will take this action earlier and at its sole discretion if necessary to keep our users safe".
The review comes amid breaches of a registration authority linked to certificate issuer Comodo, in which several certificates were stolen in a high-profile attack.
For more on this ZDNet UK-selected story, see Mozilla drafts changes to certificate policy on ZDNet Australia.