As I understand it, PSM/NSS will currently accept new certificates signed by trusted CAs, even if a *different* certificate is already known for that entity (I think even if the CA mismatches). Mozilla would show the lock / pen icon as if everything were OK and you'd never notice that you're now talking with the US government.
Nelson, can you confirm or deny that, so that I can stop wondering? I don't feel like applying for 2 different certs just to try it out. If that problem indeed exists, I'd consider it a severe security problem and file a bug about it.
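The behaviour asked about above is the absence of a certificate continuity check. As an added example (not part of the original post and not PSM/NSS code), the following sketch shows such a check layered on top of normal CA validation; `ContinuityStore`, the host name, the issuer names and the certificate bytes are all constructed for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    FIRST_SEEN = "first-seen"
    UNCHANGED = "unchanged"
    REPLACED_SAME_ISSUER = "replaced-same-issuer"
    REPLACED_NEW_ISSUER = "replaced-new-issuer"


class ContinuityStore:
    """Remembers the certificate last accepted per host (hypothetical helper)."""

    def __init__(self):
        self._known = {}  # host -> (sha256 of DER certificate, issuer name)

    def observe(self, host, der_cert, issuer):
        # Call only after ordinary chain validation has succeeded; this is an
        # extra layer on top of CA trust, not a replacement for it.
        fingerprint = hashlib.sha256(der_cert).hexdigest()
        previous = self._known.get(host.lower())
        if previous is None:
            self._known[host.lower()] = (fingerprint, issuer)
            return Verdict.FIRST_SEEN
        if previous[0] == fingerprint:
            return Verdict.UNCHANGED
        # The stored entry is deliberately not overwritten here: the caller
        # (or the user) must confirm the change through accept().
        if previous[1] == issuer:
            return Verdict.REPLACED_SAME_ISSUER
        return Verdict.REPLACED_NEW_ISSUER

    def accept(self, host, der_cert, issuer):
        self._known[host.lower()] = (hashlib.sha256(der_cert).hexdigest(), issuer)


# Constructed stand-ins for DER certificate bytes; not real certificates.
CERT_A, CERT_B, CERT_C = b"constructed-A", b"constructed-B", b"constructed-C"


def demo():
    store, host = ContinuityStore(), "mail.example.org"
    results = [
        store.observe(host, CERT_A, "CN=Example CA 1"),  # first contact
        store.observe(host, CERT_A, "CN=Example CA 1"),  # same certificate
        store.observe(host, CERT_B, "CN=Example CA 1"),  # e.g. a renewal
        store.observe(host, CERT_C, "CN=Example CA 2"),  # different CA
    ]
    store.accept(host, CERT_C, "CN=Example CA 2")        # change confirmed
    results.append(store.observe(host, CERT_C, "CN=Example CA 2"))
    return results
```

In a real client the DER bytes would come from the TLS layer, for example `ssl.SSLSocket.getpeercert(binary_form=True)` in Python.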
