Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Recommend Removing RSA Security 1024 V3 root certificate authority

1,320 views
Skip to first unread message

Kathleen Wilson

unread,
Apr 2, 2010, 1:19:35 PM4/2/10
to
All,

I propose that the "RSA Security 1024 V3" root certificate authority be
removed from NSS.

OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76

I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current
audit, and should be removed from NSS.

I have also filed a bug for this:
https://bugzilla.mozilla.org/show_bug.cgi?id=549701

I am now opening this proposal up to public discussion. Please respond
to this discussion if you have any knowledge of this root that would
help in making this decision.

By the way, To see the complete list of all of the root certificate
authorities that are included in NSS, and who currently owns/operates
them, go to http://www.mozilla.org/projects/security/certs/ and click on
the "List of all included root certificates" link. This will display the
public and published version of a spreadsheet that I maintain. There is
a column called "Company Website" which indicates the current owner of
each root.

Kathleen


Gen Kanai

unread,
Apr 2, 2010, 9:33:36 PM4/2/10
to dev-secur...@lists.mozilla.org

On 4/3/10 2:19 AM, Kathleen Wilson wrote:
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.
>
> Therefore, to my knowledge this root has no current owner and no current
> audit, and should be removed from NSS.
>
I concur.

Separately, do we know how a root with such a name (if RSA was not the owner) was installed?

--
Gen Kanai

Nelson Bolyard

unread,
Apr 3, 2010, 7:13:21 AM4/3/10
to
On 2010-04-02 10:19 PST, Kathleen Wilson wrote:
> All,
>
> I propose that the "RSA Security 1024 V3" root certificate authority be
> removed from NSS.
>
> OU = RSA Security 1024 V3
> O = RSA Security Inc
> Valid From: 2/22/01
> Valid To: 2/22/26
> SHA1 Fingerprint:
> 3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
>
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.
>
> Therefore, to my knowledge this root has no current owner and no current
> audit, and should be removed from NSS.

Who owns the cert named "RSA Security 2048 V3"?
It was put into nssckbi at the same time as the 1024 v3 cert.
Is that one also owned by nobody?
If so, let's nuke 'em both together.

Nelson Bolyard

unread,
Apr 3, 2010, 7:14:20 AM4/3/10
to

See bugzilla bug 139874

Florian Weimer

unread,
Apr 3, 2010, 3:15:00 PM4/3/10
to gka...@gmail.com, dev-secur...@lists.mozilla.org
* Gen Kanai:

> Separately, do we know how a root with such a name (if RSA was not
> the owner) was installed?

They do not own it now, but the company likely created it.

For instance, the Equifax root isn't controlled by Equifax anymore,
and there a couple of such examples. There was a time when roots were
traded heavily.

Gervase Markham

unread,
Apr 5, 2010, 2:28:38 PM4/5/10
to
On 02/04/10 18:19, Kathleen Wilson wrote:
> I have not been able to find the current owner of this root. Both RSA
> and VeriSign have stated in email that they do not own this root.

That's rather worrying. Do we know for certain that one or other created
it originally? Do we know if it's in any other root stores other than
our own?

The lack of transparency in 2002 re: the source of added roots means we
have no idea whether e.g. some malicious actor slipped an extra one into
whatever list they were keeping internally to Netscape, and has been
MITMing people ever since.

Gerv

Kathleen Wilson

unread,
Apr 5, 2010, 2:53:18 PM4/5/10
to
On 4/5/10 11:28 AM, Gervase Markham wrote:
> On 02/04/10 18:19, Kathleen Wilson wrote:
>> I have not been able to find the current owner of this root. Both RSA
>> and VeriSign have stated in email that they do not own this root.
>
> That's rather worrying. Do we know for certain that one or other created
> it originally?

Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
these roots were created by RSA. I have not been able to ascertain from
RSA whether the "RSA Security 1024 V3" root has been simply retired by
RSA versus transferred to another company via M&A activity.

The "RSA Security 2048 V3" root is covered under RSA's current audit
statement: https://cert.webtrust.org/SealFile?seal=981&file=pdf


> Do we know if it's in any other root stores other than
> our own?

Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
valid in Apple's System Roots.

Microsoft's list includes "RSA Security 2048 V3", but not "RSA Security
1024 V3".


Kathleen

wwa...@gmx.de

unread,
Apr 6, 2010, 12:21:38 AM4/6/10
to
On Apr 5, 2:53 pm, Kathleen Wilson <kathleen95...@yahoo.com> wrote:
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
> validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
> these roots were created by RSA.

The same validity range is not a proof of any kind. It should really
be
checked if this CA was created by RSA or - which i do hope not - is
a rogue one by someone who just set the same date range in his
certificate and then somehow got it included.

This could be a utter security desaster. Lets hope it isn't.

Gervase Markham

unread,
Apr 6, 2010, 11:15:40 AM4/6/10
to
On 05/04/10 19:53, Kathleen Wilson wrote:
> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" have the same
> validity dates of 2001 Feb 22 to 2026 Feb 22. I believe that both of
> these roots were created by RSA.

Do you believe that based solely on the validity dates?

If I had access to the machine of a Netscape NSS developer who was about
to update the root store, and I wanted to slip in a cert I had the
private key for, I'd add another entry to the store which was very
similar to an existing one but with one obvious difference, so that
people would assume they were a set.

Perhaps this is far-fetched and paranoid. But the fact that RSA know
nothing whatsoever about this root is rather concerning.

> Both "RSA Security 1024 V3" and "RSA Security 2048 V3" are shown as
> valid in Apple's System Roots.

Hmm. Do we have contacts at Apple who we can ask to see if they have
documentation on the provenance of this root?

Gerv

Ronny

unread,
Apr 6, 2010, 1:14:56 PM4/6/10
to
Google accepts "RSA Security 1024 V3" and "RSA Security 2048 V3" for
their Checkout API authentication too.

see http://checkout.google.com/support/sell/bin/answer.py?hl=en&answer=57856

According to bonsai, the certificate was installed in version 1.17
(http://bonsai.mozilla.org/cvsview2.cgi?
diff_mode=context&whitespace_mode=show&subdir=mozilla/security/nss/lib/
ckfw/
builtins&command=DIFF_FRAMESET&file=certdata.txt&rev1=1.16&rev2=1.17&root=/
cvsroot) by Julien Pierre as part of bug #139874 (https://
bugzilla.mozilla.org/show_bug.cgi?id=139874).

vortex

unread,
Apr 6, 2010, 2:34:13 PM4/6/10
to
On Apr 6, 1:14 pm, Ronny <ronny.peri...@gmail.com> wrote:
> Google accepts "RSA Security 1024 V3" and "RSA Security 2048 V3" for
> their Checkout API authentication too.
>
> seehttp://checkout.google.com/support/sell/bin/answer.py?hl=en&answer=57856

>
> According to bonsai, the certificate was installed in version 1.17
> (http://bonsai.mozilla.org/cvsview2.cgi?
> diff_mode=context&whitespace_mode=show&subdir=mozilla/security/nss/lib/
> ckfw/
> builtins&command=DIFF_FRAMESET&file=certdata.txt&rev1=1.16&rev2=1.17&root=/
> cvsroot) by Julien Pierre as part of bug #139874 (https://
> bugzilla.mozilla.org/show_bug.cgi?id=139874).

Did anyone check with Valicert? Apparently this very issue came up in
2006 in Debian world.
http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/5b33fa29d3d83c66/5a6fe5ca3e2da747?hl=en&ie=UTF-8&q=%22RSA+Security+1024+V3%22#5a6fe5ca3e2da747

wwa...@gmx.de

unread,
Apr 6, 2010, 3:01:26 PM4/6/10
to
On Apr 6, 8:34 pm, vortex <rafael.riv...@gmail.com> wrote:
> Did anyone check with Valicert? Apparently this very issue came up in
> 2006 in Debian world.http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/t...

You should better reread that message. Valicert has nothing to do with
this. The "RSA Security 1024 V3" CA was only shown as an example of a
CA by RSA in that message.

vortex

unread,
Apr 6, 2010, 3:14:01 PM4/6/10
to

You are absolutely correct, I shall return to my corner now (and try
to determine why Google isn't using my real name).

Kathleen Wilson

unread,
Apr 6, 2010, 3:22:04 PM4/6/10
to
I have received email from official representatives of RSA confirming
that RSA did indeed create the "RSA Security 1024 V3" root certificate
that is currently included in NSS (Netscape/Mozilla) and also in Apple's
root cert store.

Rob Stradling

unread,
Apr 6, 2010, 5:04:07 PM4/6/10
to dev-secur...@lists.mozilla.org, Kathleen Wilson
Kathleen, I'm glad to hear that you've received confirmation that RSA Security
did indeed create this Root Certificate. However, the fact that "Both RSA and
VeriSign have stated in email that they do not own this root" begs the
question:
Who (if anyone) possesses the private key now?

IMHO, this Root Certificate should definitely be removed from NSS unless the
current owner steps forward and:
1. Asks for it to not be removed, and...
2. Provides evidence that it is covered by an appropriate audit, and...
3. Provides evidence that the private key has been kept secure since it was
initially created by RSA Security.

BTW, this "story" has already been picked up by The Reg:
http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificate/

> _______________________________________________
> dev-security-policy mailing list
> dev-secur...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>

Rob Stradling
Senior Research & Development Scientist
C·O·M·O·D·O - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

Comodo CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.

Rob Stradling

unread,
Apr 6, 2010, 5:24:08 PM4/6/10
to dev-secur...@lists.mozilla.org, Kathleen Wilson
On Tuesday 06 April 2010 22:04:07 Rob Stradling wrote:
> Kathleen, I'm glad to hear that you've received confirmation that RSA
> Security did indeed create this Root Certificate. However, the fact that
> "Both RSA and VeriSign have stated in email that they do not own this
> root" begs the question:
> Who (if anyone) possesses the private key now?
>
> IMHO, this Root Certificate should definitely be removed from NSS unless
> the current owner steps forward and:
> 1. Asks for it to not be removed, and...
> 2. Provides evidence that it is covered by an appropriate audit, and...
> 3. Provides evidence that the private key has been kept secure since it was
> initially created by RSA Security.

Kathleen, are you satisfied that the private keys for all the other Root
Certificates currently in NSS (especially those added back in the Netscape
era) were created securely and have always been held securely?

Or are there any others that need to be investigated in the same manner that
you've just been doing with "RSA Security 1024 V3"?

> BTW, this "story" has already been picked up by The Reg:
> http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificat
> e/
>
> On Tuesday 06 April 2010 20:22:04 Kathleen Wilson wrote:

Eddy Nigg

unread,
Apr 6, 2010, 5:25:53 PM4/6/10
to
On 04/07/2010 12:04 AM, Rob Stradling:

> BTW, this "story" has already been picked up by The Reg:
> http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificate/
>

We are used to quite a bit.... but one wonders what next?

:-)

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: star...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

Gervase Markham

unread,
Apr 6, 2010, 5:27:39 PM4/6/10
to
On 06/04/10 16:15, Gervase Markham wrote:
> Perhaps this is far-fetched and paranoid. But the fact that RSA know
> nothing whatsoever about this root is rather concerning.

In case it's not clear by now, this is not true, RSA did create the
root, and any suggestion that the private key is in the hands of unknown
people was wild speculation on my part utterly unbacked by evidence.

:-|

Gerv

Kathleen Wilson

unread,
Apr 6, 2010, 5:30:38 PM4/6/10
to
On 4/6/10 2:24 PM, Rob Stradling wrote:
> On Tuesday 06 April 2010 22:04:07 Rob Stradling wrote:
>> Kathleen, I'm glad to hear that you've received confirmation that RSA
>> Security did indeed create this Root Certificate. However, the fact that
>> "Both RSA and VeriSign have stated in email that they do not own this
>> root" begs the question:
>> Who (if anyone) possesses the private key now?
>>
>> IMHO, this Root Certificate should definitely be removed from NSS unless
>> the current owner steps forward and:
>> 1. Asks for it to not be removed, and...
>> 2. Provides evidence that it is covered by an appropriate audit, and...
>> 3. Provides evidence that the private key has been kept secure since it was
>> initially created by RSA Security.

Email from RSA indicates that this "RSA Security 1024 V3" root is
retired and should be removed from NSS.


> Kathleen, are you satisfied that the private keys for all the other Root
> Certificates currently in NSS (especially those added back in the Netscape
> era) were created securely and have always been held securely?
>
> Or are there any others that need to be investigated in the same manner that
> you've just been doing with "RSA Security 1024 V3"?

This was the only root that I could not get answers from a CA from in
regards to recent audit, state of the root, and recommendation to remove
or disable the root.

Rob Stradling

unread,
Apr 6, 2010, 5:44:01 PM4/6/10
to dev-secur...@lists.mozilla.org, Kathleen Wilson
Thanks Kathleen. I think this episode clearly demonstrates why it was a very
good idea for you compile that list, so thanks a lot for your hard work!

Eddy Nigg

unread,
Apr 6, 2010, 6:02:22 PM4/6/10
to

Errr...RSA and Verisign both indicated that they didn't own the root
NOW...or something like this. RSA probably created it though.

Kathleen Wilson

unread,
Apr 6, 2010, 6:21:24 PM4/6/10
to
An official representative of RSA has sent me email to confirm that RSA
is still in possession of the private key for the "RSA Security 1024 V3"
root certificate.

RSA has also agreed that the "RSA Security 1024 V3" root certificate

should be removed from NSS.

Kathleen


Eddy Nigg

unread,
Apr 6, 2010, 6:27:06 PM4/6/10
to
On 04/07/2010 01:21 AM, Kathleen Wilson:

Excellent, so all is fine then. And the root can be removed.

lix

unread,
Apr 6, 2010, 6:58:10 PM4/6/10
to
On Apr 6, 11:27 pm, Eddy Nigg <eddy_n...@startcom.org> wrote:
> On 04/07/2010 01:21 AM, Kathleen Wilson:

a bit faster response would have been better

is there anybody tracking these on the top of the vendor?

just curious...


>
> > An official representative of RSA has sent me email to confirm that
> > RSA is still in possession of the private key for the "RSA Security
> > 1024 V3" root certificate.
>
> > RSA has also agreed that the "RSA Security 1024 V3" root certificate
> > should be removed from NSS.
>
> Excellent, so all is fine then. And the root can be removed.
>
> --
> Regards
>
> Signer:  Eddy Nigg, StartCom Ltd.

> XMPP:    start...@startcom.org

Eddy Nigg

unread,
Apr 6, 2010, 7:06:13 PM4/6/10
to lix
On 04/07/2010 01:58 AM, lix:

> On Apr 6, 11:27 pm, Eddy Nigg<eddy_n...@startcom.org> wrote:
>
>> On 04/07/2010 01:21 AM, Kathleen Wilson:
>>
> a bit faster response would have been better
>
> is there anybody tracking these on the top of the vendor?
>

If not, would you like to volunteer?

> just curious...
>

Yeah, me too :-)

--
Regards

Signer: Eddy Nigg, StartCom Ltd.

XMPP: star...@startcom.org

Eddy Nigg

unread,
Apr 6, 2010, 7:06:20 PM4/6/10
to
On 04/07/2010 01:58 AM, lix:
> On Apr 6, 11:27 pm, Eddy Nigg<eddy_n...@startcom.org> wrote:
>
>> On 04/07/2010 01:21 AM, Kathleen Wilson:
>>
> a bit faster response would have been better
>
> is there anybody tracking these on the top of the vendor?
>

If not, would you like to volunteer?

> just curious...
>

Yeah, me too :-)

--
Regards

Signer: Eddy Nigg, StartCom Ltd.

XMPP: star...@startcom.org

lix

unread,
Apr 6, 2010, 7:09:21 PM4/6/10
to
On Apr 7, 12:06 am, Eddy Nigg <eddy_n...@startcom.org> wrote:
> On 04/07/2010 01:58 AM, lix:
>
> > On Apr 6, 11:27 pm, Eddy Nigg<eddy_n...@startcom.org>  wrote:
>
> >> On 04/07/2010 01:21 AM, Kathleen Wilson:
>
> > a bit faster response would have been better
>
> > is there anybody tracking these on the top of the vendor?
>
> If not, would you like to volunteer?

definitely, i have this nice striped notebook and my pencil(2B) and
ready to go!

;)

Eddy Nigg

unread,
Apr 6, 2010, 7:16:38 PM4/6/10
to
On 04/07/2010 02:09 AM, lix:

>> If not, would you like to volunteer?
>>
> definitely, i have this nice striped notebook and my pencil(2B) and
> ready to go


Excellent! I'm certain that Kathleen will give you the necessary
instructions. Thanks for joining!

Kurt Seifried

unread,
Apr 6, 2010, 7:25:54 PM4/6/10
to Eddy Nigg, dev-secur...@lists.mozilla.org
> If not, would you like to volunteer?

I too would volunteer, I think this is critical enough that it
deserves more than one set of eyeballs (ala code review).

Can Kathleen or Jonathan perhaps set us up with an introductory email
with the various certificate authorities so we know who to talk to,
and they know why we are trying to talk to them.

What information exactly would we be gathering? I imagine:

certificate (serial number, etc.)
owner of certificate
who is in control of the certificate (i.e operational use),
location/affiliations/etc.
what the certificate is used for (in plain English terms)
last time an audit was done (especially if the audit is pre-handover
assuming the certificate has changed hands)
contact information/how to report a stolen/improperly issued cert/etc.

would be a useful start. Then dump this all into a spread sheet online?

I've also been trying to gather a list of methods/etc. used to
validate domains/email addresses by various CAs but it's slow going. I
know such a list would definitely help me and others decide who we can
trust.

-Kurt

Eddy Nigg

unread,
Apr 6, 2010, 7:55:59 PM4/6/10
to
On 04/07/2010 02:25 AM, Kurt Seifried:

>> If not, would you like to volunteer?
>>
> I too would volunteer, I think this is critical enough that it
> deserves more than one set of eyeballs (ala code review).
>

Kathleen, you've got new volunteers :-)

> Can Kathleen or Jonathan perhaps set us up with an introductory email
> with the various certificate authorities so we know who to talk to,
> and they know why we are trying to talk to them.
>

I don't that's necessary at this point. You can gather information that
is publicly available (or should be available). Kathleen can then do the
polishing :-)

> would be a useful start. Then dump this all into a spread sheet online?
>

IIRC that spreadsheet and quite some information exists already.
Unfortunately I don't recall the location now.

> I've also been trying to gather a list of methods/etc. used to
> validate domains/email addresses by various CAs but it's slow going.

Honestly I tried that too at some point. It's quite difficult.

> I know such a list would definitely help me and others decide who we can trust.
>

Yes, it probably would.

Eddy Nigg

unread,
Apr 6, 2010, 8:18:40 PM4/6/10
to
I don't think that's necessary at this point.

Kathleen Wilson

unread,
Apr 6, 2010, 10:04:55 PM4/6/10
to
On 4/6/10 4:25 PM, Kurt Seifried wrote:
> What information exactly would we be gathering? I imagine:
>
> certificate (serial number, etc.)
> owner of certificate
> who is in control of the certificate (i.e operational use),
> location/affiliations/etc.
> what the certificate is used for (in plain English terms)
> last time an audit was done (especially if the audit is pre-handover
> assuming the certificate has changed hands)
> contact information/how to report a stolen/improperly issued cert/etc.
>
> would be a useful start. Then dump this all into a spread sheet online?

Last year I created a spreadsheet with the following information for
each root included in NSS, and I maintain this spreadsheet now.

Approval Bug#
Primary Contact
CA Email Alias
CA Phone Number
Title/Department
Company Website
CP URL
CPS URL
Audit URL
EV Audit URL
Date of Latest Audit

I publish a portion of this spreadsheet as per the following:


To see the complete list of all of the root certificate authorities that
are included in NSS, and who currently owns/operates them, go to
http://www.mozilla.org/projects/security/certs/ and click on the "List
of all included root certificates" link. This will display the public
and published version of a spreadsheet that I maintain. There is a
column called "Company Website" which indicates the current owner of
each root.

Bug #534274 is the bug I used in regards to removal/disablement of the
root certs in NSS for which I did not find a recent audit statement. All
of the owning CAs had communicated with me in regards to those roots,
except for this RSA root. This particular RSA root was the only root
that I could not get information on until today, which is why I had
separated it out into its own bug.

Kathleen


Jean-Marc Desperrier

unread,
Apr 7, 2010, 4:38:24 AM4/7/10
to

Obviously AOL/Netscape had back then some other document than the
content of this bug to follow the certs that needed to be added.

Julien Pierre intervened in the bug
https://bugzilla.mozilla.org/show_bug.cgi?id=549701#c4 to confirm the
cert was verified at least 3 times before the checkin.

Kathleen Wilson

unread,
Apr 7, 2010, 6:28:07 PM4/7/10
to
On 4/2/10 10:19 AM, Kathleen Wilson wrote:
> All,
>
> I propose that the "RSA Security 1024 V3" root certificate authority be
> removed from NSS.
>
> OU = RSA Security 1024 V3
> O = RSA Security Inc
> Valid From: 2/22/01
> Valid To: 2/22/26
> SHA1 Fingerprint:
> 3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76
>

Thank you to all of you who participated in this discussion.

I am now closing this discussion, and I will update the bug to indicate
that this root should be removed from NSS. Any further follow-up should
be added directly to the bug.

https://bugzilla.mozilla.org/show_bug.cgi?id=549701

Thanks,
Kathleen

Kyle Hamilton

unread,
Apr 8, 2010, 8:57:06 PM4/8/10
to lix, dev-security-policy
On Tue, Apr 6, 2010 at 3:58 PM, lix <lec...@gmail.com> wrote:
> On Apr 6, 11:27 pm, Eddy Nigg <eddy_n...@startcom.org> wrote:
>> On 04/07/2010 01:21 AM, Kathleen Wilson:
>
> a bit faster response would have been better
>
> is there anybody tracking these on the top of the vendor?

Kathleen's job is to keep track of this. She found a deficiency in
her records, and acted to correct it.

That she has received official communication from VeriSign that they
wish to remove the 1024-bit root short-circuits the discovery phase,
and since the owner of the private key doesn't want it supported in
Mozilla anymore, I think we should simply remove it (per the
discussion of "what happens when a vendor wants to remove their
certificate" we had a few months ago).

-Kyle H

Nelson B

unread,
Apr 9, 2010, 12:00:54 AM4/9/10
to

It's already done in the source tree.
https://bugzilla.mozilla.org/show_bug.cgi?id=557937

0 new messages