Feature request: Explore Certz CA / blockchain-backed certificate authority trust model

[daBatmanCoder]

Hi Waterfox team,

I’m building a research/demo project called Certz:
https://github.com/daBatmanCoder/Certz

I also wrote a longer explanation here:
https://medium.com/@jonakandel/building-certz-a-blockchain-based-certificate-authority-0f5f1e6d6fdf

The short version:

Certz is an experiment in reducing the need to depend on a traditional centralized Certificate Authority. The CA signing key is generated and held inside confidential compute on Oasis Sapphire, certificate issuance is anchored on-chain, and a browser extension can verify:

• the Certz certificate
• the on-chain registry record
• revocation / validity
• proof that the website currently holds the matching private key

For the demo, I imported the Certz ca-root.pem into Waterfox’s Authorities store manually, checked “Trust this CA to identify websites”, and Waterfox was able to show the normal browser lock for a Certz-issued local TLS certificate.

I wanted to ask whether Waterfox would be open to exploring this kind of model as an experimental / opt-in trust path.

I understand that adding a CA root to the default trust store is a serious security decision and should require audits, policy, governance, and a lot more work.

I’m mainly asking whether this is interesting to the Waterfox team as an experimental browser trust direction, and where the right place would be to continue the discussion.

Thanks!