Andrews, Rick wrote: > VeriSign has a number of root certificates (not just EV certs) pending > approval to be included in the trust store. It's pretty important to us > that all these roots make it into FF3. > > Can anyone tell me if it's likely that these certs will be approved in > time for FF3?
> Where can I find a list of features included in FF3? Does it include > support for SHA-256 and ECC? Those questions are more for the crypto group. I redirect the discussion there : mozilla.dev.tech.crypto The current status for such request appears here : http://www.mozilla.org/projects/security/certs/pending As no root other than the G5 root appear there, you seem to have a problem. Make sure that a request similar to the one in bug 402947 is filled for each of them (if they indeed are not already in the store), with all the info you provided in bug 402947. The page is not fully up to date. The EV root is now at the public discussion stage, so has good chances to be ready in time for Fx 3.0 : http://groups.google.fr/group/mozilla.dev.tech.crypto/msg/431708fc3724f9fc But if it, or any other requet, misses 3.0, it can be included in any point release later. The support for SHA-256 and ECC are more dependant on the security libray NSS than on FF itself. NSS has support for sha-256 since Fx 1 I believe, but even the latest nightly does not announce support for any sha-256 based ciphersuite (they announce support for several ECDSA suite). This being said, it seems from a quick check there currently exists no officially defined SHA-256 based ciphersuite. The only spec with that currently is a draft "draft-ietf-tls-ecc-new-mac-04.txt" and has not yet reserved numbers for them (which makes it impossible to implement). _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto