[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Michael Kjörling
9bf3a7ef93bb at ewoof.net
Sat Apr 19 09:34:50 EDT 2025
On 18 Apr 2025 19:28 -0400, from leichter at lrw.com (Jerry Leichter):
> Pulling this all together: Why aren't any browser makers also CA's?
Apple is a CA, at least according to themselves.
Google is a CA, at least according to themselves, Microsoft and Mozilla.
Microsoft is a CA, according to themselves, Apple, Google and Mozilla.
Mozilla is the only one that doesn't seem to be trusted as a CA by any
of the major browser makers, but I won't rule out that I'm searching
for the wrong thing.
I'm pretty sure as someone controlling a host name you can get an
actual TLS certificate at least from Google.
Apple's list of currently trusted CAs: https://support.apple.com/en-us/121672
linked from https://support.apple.com/en-us/103272
Google's: https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md
linked from https://pkic.org/ltl/
Microsoft's: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT
linked from https://learn.microsoft.com/en-us/security/trusted-root/participants-list
Mozilla's: https://ccadb.my.salesforce-sites.com/mozilla/CACertificatesInFirefoxReport
linked from https://wiki.mozilla.org/CA/Included_Certificates
--
Michael Kjörling
🔗 https://michael.kjorling.se
More information about the cryptography
mailing list