Anders Rundgren wrote:
> From what I have seen on this list there has been a lot of talk about
> inclusion of various CA root certificates in the Mozilla distributions.
> IMO, most of these CAs are insignificant except for SSL certs.

I'm not sure what your intended meaning is. There is no significant use of
CA-issued certificates on the public Internet other than for enabling
SSL/TLS.
The primary reason CAs apply to have certificates included into NSS, and
the primary reason we have a policy about this, is because CAs want
their customers' SSL certificates recognized in Firefox.

> Why? Because the vast majority of organizations (in the rare situation that
> they use client-side PKI) actually issue their own client-certificates.

Yes, because almost all use of client certificates is in enterprise
networks, not on the public Internet.

> BTW, I don't see that other providers of security software are particularly
> anxious to extend their preconfigured trust lists.

To the contrary: Microsoft has an active program evaluating and
accepting new root certificates for inclusion into Windows. They do it
for the same reason we do: because CAs, web site operators, and users
themselves don't want to see errors occur when connecting to SSL-enabled
web sites.
Frank
--
Frank Hecker