http://www.mozilla.org/projects/security/certs/policy
From what I have seen on this list there has been a lot of talk about inclusion of various CA root certificates in the Mozilla distributions.

IMO, most of these CAs are insignificant except for SSL certs. Why? Because the vast majority of organizations (in the rare situation that they use client-side PKI) actually issue their own client-certificates.

BTW, I don't see that other providers of security software are particularly anxious about extending their preconfigured trust lists. Some of the CAs like the recently discussed Hungarian CA also seem to be of local interest in the same way as the 16(!) qualified certificate CAs operating in Italy.

Anyway, if the goal is establishing a user/client-level CA trust list, Mozilla is not even close and that IMO makes the whole idea somewhat less powerful. It doesn't matter if it is wrong, stupid, or unsecure, but for consumer authentication local / private PKIs rule, and I don't see that changing due to things like business models, liability concerns, and cultural differences.

I do not intend to respond to this posting because I understand that this is a sacred cow, and I do eat meat :-)

Anders
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto