

Requirements for CNNIC re-application - dengnan
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/zed2F-aNbDc

======
dengnan
Some background of the story:

CNNIC is a root CA from China. It issued a false certificate[0] and got
revoked by both Google[1] and Mozilla[2].

CNNIC is also believed to be behind some MITM attack against iCloud[3]. Pulling
CNNIC from Firefox was once discussed five years ago on Mozilla's bugzilla[4,
5, 6].

0\. https://cpj.org/blog/2015/03/chinas-cnnic-breaches-sacred-crypto-trust-endanger.php

1\. http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html?m=1

2\. http://www.theregister.co.uk/2015/04/02/mozilla_revokes_cnnic_cert_trust/

3\. https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone

4\. https://bugzilla.mozilla.org/show_bug.cgi?id=542689

5\. https://bugzilla.mozilla.org/show_bug.cgi?id=476766

6\. https://bugzilla.mozilla.org/show_bug.cgi?id=607208

