The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.tech.crypto
From: Frank Hecker <hec...@mozillafoundation.org>
Date: Tue, 23 Dec 2008 13:14:42 +0000
Local: Tues, Dec 23 2008 8:14 am
Subject: Re: Unbelievable!
Eddy Nigg wrote: Do you mean the UTN-UserFirst-Hardware root? According to the screenshot > Disabling the trust bits of "AddTrust External CA Root" could be a > temporary measure to prevent damage to relying parties until Mozilla > receives full report and disclosure from Comodo about its resellers and > conclusion of their investigation. on your blog post, that's the root the bogus cert chains up to. Also, if we were to take action of this general sort (as a hypothetical), what about adding the PositiveSSL CA cert to NSS with the SSL trust bit disabled; wouldn't that accomplish the same purpose, without interfering with other parts of the hierarchy under the UTN-UserFirst-Hardware root? (I seem to recall we've discussed this sort of thing in the past.) Also note that any "suspension" of a root would last at last 1-3 months, Frank -- You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||