On 21/07/10 07:26, Amax Guan wrote:
I think basically it's because they have too much Cert to issue (One for each user), it cost too much money, and they do not want anyone else to know how many users they have, and their names, including the CA.
Right. I am not suggesting that they get client certs from Verisign, I am suggesting they get their server cert from Verisign. There is no need for their server SSL cert to use the same CA as their client certs (at least; I don't think so - I'm open to being corrected).
But if you generate a user Certificate that's issued by a untrusted CA, there will be an alert popup.
Can some NSS or PSM hacker explain why this is? Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
