I'd like briefly to address PSC's unusual selection of QUOVADIS to name their withdrawn signature (QuoVadis being only one of the dozens of CAs represented in the root store).
QuoVadis is a reputable CA located in Bermuda and with operations in Swtizerland and New Zealand. In addition to Mozilla, its root is distributed in Windows, Apple, RIM/Blackberry, and others. Among its various security accreditations, the company holds a Webtrust for CAs seal (conducted by Ernst & Young) as well as an ETSI TS 101.456 certification (conducted by KPMG as part of its licensing as a Qualified Service Provider in Europe). The unfortunate mistakes made by PSC would have been avoided through basic research about Mozilla and certification authorities. Any imputation by PSC of "dubious CAs" should be backed up by concrete evidence rather than libellous hyperbole. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security