From 38b00ec83877bcaf3acfef023a349c4773c90bd3 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sat, 19 Apr 2025 21:29:27 +0300
Subject: [PATCH] =?utf8?q?=D0=9A=D0=B0=D0=BA=D0=B8=D0=B5=20CA=20=D0=B4?=
 =?utf8?q?=D0=BE=D0=B2=D0=B5=D1=80=D1=8F=D1=8E=D1=82=D1=81=D1=8F=20=D1=81?=
 =?utf8?q?=D0=BE=D0=B7=D0=B4=D0=B0=D1=82=D0=B5=D0=BB=D1=8F=D0=BC=D0=B8=20w?=
 =?utf8?q?eb-=D0=BE=D0=B1=D0=BE=D0=B7=D1=80=D0=B5=D0=B2=D0=B0=D1=82=D0=B5?=
 =?utf8?q?=D0=BB=D0=B5=D0=B9=3F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

В рассылке задали вопрос: Why aren't any browser makers also CA's?
На что дали исчерпывающий ответ:

    Apple is a CA, at least according to themselves.

    Google is a CA, at least according to themselves, Microsoft and Mozilla.

    Microsoft is a CA, according to themselves, Apple, Google and Mozilla.

    Mozilla is the only one that doesn't seem to be trusted as a CA by any
    of the major browser makers, but I won't rule out that I'm searching
    for the wrong thing.

    I'm pretty sure as someone controlling a host name you can get an
    actual TLS certificate at least from Google.

    Apple's list of currently trusted CAs: https://support.apple.com/en-us/121672
    linked from https://support.apple.com/en-us/103272

    Google's: https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md
    linked from https://pkic.org/ltl/

    Microsoft's: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT
    linked from https://learn.microsoft.com/en-us/security/trusted-root/participants-list

    Mozilla's: https://ccadb.my.salesforce-sites.com/mozilla/CACertificatesInFirefoxReport
    linked from https://wiki.mozilla.org/CA/Included_Certificates
-- 
2.51.0