From 38b00ec83877bcaf3acfef023a349c4773c90bd3 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Sat, 19 Apr 2025 21:29:27 +0300 Subject: [PATCH] =?utf8?q?=D0=9A=D0=B0=D0=BA=D0=B8=D0=B5=20CA=20=D0=B4?= =?utf8?q?=D0=BE=D0=B2=D0=B5=D1=80=D1=8F=D1=8E=D1=82=D1=81=D1=8F=20=D1=81?= =?utf8?q?=D0=BE=D0=B7=D0=B4=D0=B0=D1=82=D0=B5=D0=BB=D1=8F=D0=BC=D0=B8=20w?= =?utf8?q?eb-=D0=BE=D0=B1=D0=BE=D0=B7=D1=80=D0=B5=D0=B2=D0=B0=D1=82=D0=B5?= =?utf8?q?=D0=BB=D0=B5=D0=B9=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit В рассылке задали вопрос: Why aren't any browser makers also CA's? На что дали исчерпывающий ответ: Apple is a CA, at least according to themselves. Google is a CA, at least according to themselves, Microsoft and Mozilla. Microsoft is a CA, according to themselves, Apple, Google and Mozilla. Mozilla is the only one that doesn't seem to be trusted as a CA by any of the major browser makers, but I won't rule out that I'm searching for the wrong thing. I'm pretty sure as someone controlling a host name you can get an actual TLS certificate at least from Google. Apple's list of currently trusted CAs: https://support.apple.com/en-us/121672 linked from https://support.apple.com/en-us/103272 Google's: https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md linked from https://pkic.org/ltl/ Microsoft's: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT linked from https://learn.microsoft.com/en-us/security/trusted-root/participants-list Mozilla's: https://ccadb.my.salesforce-sites.com/mozilla/CACertificatesInFirefoxReport linked from https://wiki.mozilla.org/CA/Included_Certificates -- 2.51.0