On 15/09/15 01:12, Anil Gulati wrote: > To remove unnecessary impediments to Firefox use and adoption wouldn't it > make sense to configure Firefox to use the OS cert store by default, and > allow an option to use internal cert database?
We would love it if the OS would give us a list of _just_ the user-installed certs, but as far as we are aware, this is not possible on Windows. See https://bugzilla.mozilla.org/show_bug.cgi?id=432802 for more details. As I noted there, due to these API problems, "recognizing the Windows trust store is equivalent to abandoning our own root program and adopting whatever Microsoft decides (because we can't tell which certs are user-imported and which are MS-provided). That would not be a good thing for the web." Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
