Hi Ben,
I’m not against removing old roots from the trust store, but is using the hash algorithm on the root the right criteria? I was under the impression that the root programs really embedded the public key and that the signature on the root was “irrelevant” from a security perspective once it was imbedded.
Doug
--
You received this message because you are subscribed to the Google Groups "dev-secur...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-po...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabt4tSD%3DyUgruO-dNbR%3DAjZzxkxDLostvG-xFKht5dYKg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/PUZPR03MB6129CCE0FC5122A48B7A5D30F0289%40PUZPR03MB6129.apcprd03.prod.outlook.com.