David E. Ross wrote: > There is NO Network Solutions root certificate in SeaMonkey. There > are four AddTrust root certificates in SeaMonkey.
To clear up some uncertainty here - these are: AddTrust Class 1 CA Root AddTrust External CA Root AddTrust Public CA Root AddTrust Qualified CA Root All of them are owned by Comodo nowadays - cf. e.g. http://www.comodo.com/repository/09_22_2006_Certification_Practice_Statement_v.3.0.pdf. In this CPS, Comodo states (section 2.1.1): > In a similar manner, Comodo protects its UTN and AddTrust CA Root key > pairs in accordance with its AICPA/CICA WebTrust program compliant > infrastructure and CPS. [Comodo's current WebTrust audit report: https://cert.webtrust.org/SealFile?seal=537&file=pdf] > Enabling AddTrust External CA Root (only one of the four) allowed me > to view my monthly statement As far as I see, Comodo is only actively using the second from the list above (the "External" one), although they tout themselves to be "the second largest owners of root keys owning 11 root keys, (VeriSign is the largest owner with 13 root keys)" (http://www.instantssl.com/ssl-certificate-products/rootkey.html). [1] > without having to accept the bank's site > certificate or install a Network Solutions certificate. Network Solutions doesn't have its own root certificate, but instead uses intermediate CA certs which chain up to one of three common roots (see http://www.networksolutions.com/legal/SSL-legal-repository-cps.jsp#1.7). Kaspar [1] For some historical perspective, see http://www.mail-archive.com/cryptography@wasabisystems.com/msg02331.html (RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
