On 27/03/15 19:09, Peter Kurrasch wrote: > 1) Mozilla could refuse to validate any intermediate cert which CNNIC > has issued to a subordinate CA. (Note: I'm not sure that's the > technically precise term here.) Basically, CNNIC may issue > intermediates for itself but those paths going outside their > organization would no longer be trusted. The root itself would remain > in the trust store.
How do you suggest that this is determined in software? > 2) I don't think MCS should be trusted to issue certs no matter who > provides them with intermediate authority. Leaving aside my opinion on that question, again, how can you determine in software that a certificate has been issued by this particular company called MCS? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy