Nelson B Bolyard wrote: > In Mozilla products, no roots have ever been SGC enabled. > Some roots were, and still are, marked as trusted for SSL Step Up. > Here's a list.
Is the marking internal to or external to the cert? The fact that you say no certs have ever been SGC-enabled makes me suspect that it's the latter, because some of the major certs on the list are ones I would expect to be SGC-enabled in IE. If it is the latter, what would be the effect of us removing the SSL Step Up trust bit in NSS for the list of roots you give? Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto