Jean-Marc Desperrier wrote:
> Nelson Bolyard wrote:
>> It simply MUST NOT become the case that everyone who has a problem
>> with a cert from a trusted CA receives their customer support from
>> mozilla. CAs cannot rely on bugzilla.mozilla.org as their bug
>> tracking system.
>
> But it will happen if NSS is the only application around enforcing some
> rules.

Well, it simply hasn't been a problem with any but 1 or 2 of the
professionally operated CAs now in the trust list. It has primarily
been a problem with little homebrew CAs.

> Maybe the best solution would be an on-line page that can test certs,
> and tell with a lot of details, references to the norms, what is wrong
> in them.

That would be a nice tool, but mozilla is certainly not obliged to
produce it, nor likely to IMO. Considering how few people ever
contribute to mozilla's security, it would seem even more unlikely that
they'd contribute to such a project.

To carry my proposal one step farther, once there are some good (meaning
well run, trouble free) low cost CAs in the trusted list, I think mozilla's
policy should simply refuse to accept bug reports from people who are
still out there trying to be their own CAs, sans clue. The policy would
say that bug reports are accepted regarding certs from the trusted CAs,
only, and not from non-trusted CAs.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto