On Mon, 2014-07-28 at 21:02 +0200, Kai Engert wrote: > On Mon, 2014-07-28 at 11:00 -0700, Brian Smith wrote: > > I suggest that, instead of including the cross-signing certificates in > > the NSS certificate database, the mozilla::pkix code should be changed > > to look up those certificates when attempting to find them through NSS > > fails. > > We are looking for a way to fix all applications that use NSS, not just > Firefox. Only Firefox uses the mozilla::pkix library.
Actually, including intermediates in the Mozilla root CA list should even help applications that use other crypto toolkits (not just NSS). Kai _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
