Howdy all, I'm trying to understand the trust flags in the root CA list[1]. According to Bug #605187[2] , the AOL root cert[3] should be removed. However, it is still in the list and all the flags on it appear to the be the same as the DigiCert EV cert[4], which is the root cert used by mxr.mozilla.org itself.
Does this mean that AOL's root cert is still enabled? Where am I missing the trust bits? Apologies for the naive questions, -Daniel [1] - https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt [2] - https://bugzilla.mozilla.org/show_bug.cgi?id=605187 [3] - https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt#4605 [4] - https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt#9627 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
