On 09/18/2008 01:43 PM, Eddy Nigg:
>> Even if its issuer name matches that of
>> a known and trusted CA, it may be a cert crafted by an attacker
>
I wanted to add here that if this were true, then this would apply to any certificate, including server certs, CA certs and anything in the path. I sincerely believe that creating such a certificate which would appear and be understood by NSS as being issued by a CA root NSS trusts is nearly impossible. Otherwise we'll have to look into this in more detail as it would mean that NSS might be fooled by a specially crafted certificate. It would literally mean that somebody could play CA...

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

