As far as the (re)distribution question has goes, what you "probably" cannot do without permission is to redistribute the actual *package* of certificates that Netscape has put together for the purpose of embedding in their browser. Since the overwhelming majority (if not 100%) of
Well, Netscape 6 and forward are governed with NPL/MPL/GPL (check exact version of the software to see which is applicable). Also Mozilla distributes if not identical list then pretty close, and the current version is under MPL 1.1/GPL 2 or later (check the files and licenses for actual details). LXR link: http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt
Roland Krikava has created a Ruby script that can extract the root certificate list from the Mozilla/Netscape "build format" and store it in OpenSSL PEM format. There is also an already extracted list available for download. See http://curl.haxx.se/docs/caextract.html
-- Heikki Toivonen
signature.asc
Description: OpenPGP digital signature
