[7] [[Mozilla]] は[[ルートCA証明書]]ごとに [DFN[[[trust bits]]]] として[[証明書]]の用途を記述しています [SRC[>>6]]。 [10] 「ビット」としては「コード」、「電子メール」、「Webサイト」があるようです。 [11] [[証明書]]ごとに事前に設定されている他、[[利用者]]が設定することもできます。 [1] [CITE@en[986005 – Turn off SSL and Code Signing trust bits for VeriSign 1024-bit roots]] ([TIME[2015-04-06 18:51:59 +09:00]] 版) [2] [CITE@en[936105 – Remove or turn off trust bits for Symantec 1024-bit root certs]] ([TIME[2015-04-06 18:52:05 +09:00]] 版) [3] [CITE[Issue 274472 - chromium - SSL certificate imported via ONC does not maintain trust bits - An open-source project to help move the web forward. - Google Project Hosting]] ([TIME[2015-04-06 18:52:11 +09:00]] 版) [4] [CITE@en[986019 – Turn off SSL and Code Signing trust bits for Equifax 1024-bit roots]] ([TIME[2015-04-06 18:52:16 +09:00]] 版) [5] [CITE@ja[モジラ:ルート証明書へのトラストビット設定について:業界レポート:セキュリティ編 - GMOインターネット株式会社]] ([TIME[2015-04-06 18:52:21 +09:00]] 版) [6] [CITE@en[CA:IncludedCAs - MozillaWiki]] ([TIME[2015-04-06 13:46:35 +09:00]] 版) [FIG(quote)[ [FIGCAPTION[ [8] [CITE@en[Mozilla CA Certificate Policy — Mozilla]] ([TIME[2015-04-06 18:54:09 +09:00]] 版) ]FIGCAPTION] > The certificates included by default have their "trust bits" set for various purposes, so that the software in question can use the CA certificates to verify certificates for SSL servers, S/MIME email users, and digitally-signed code objects without having to ask users for further permission or information. ]FIG] [FIG(quote)[ [FIGCAPTION[ [9] [CITE@en[Mozilla CA Certificate Inclusion Policy — Mozilla]] ([TIME[2015-04-06 18:55:17 +09:00]] 版) ]FIGCAPTION] > We reserve the right to not include a particular CA certificate in our software products. This includes (but is not limited to) cases where we believe that including a CA certificate (or setting its "trust bits" in a particular way) would cause undue risks to users’ security ]FIG]