Mozilla plans changes to web certification policy

The browser maker is reviewing a draft of changes to its policy on certification, which attempt to address problems with the way web certificates are issued

Mozilla is reviewing a final draft of its baseline policies to address problems in the way that web certificates are issued.

Mozilla wants Certificate Authorities (CAs) that issue web certificates to adopt a standard dubbed Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, published by the Certificate and Browser Forum and still in final draft.

Mozilla consultant Kathleen Wilson said on a development forum that from 30 June, Mozilla software will refuse certificates signed with the troubled MD5 hash algorithm for intermediate and end-entity CAs, and "will take this action earlier and at its sole discretion if necessary to keep our users safe".

The review comes amid breaches of a registration authority linked to certificate issuer Comodo, in which several certificates were stolen in a high-profile attack.

For more on this ZDNet UK-selected story, see Mozilla drafts changes to certificate policy on ZDNet Australia.
