Ian Grigg wrote:
Note that many of the risks and threat scenarios discussed above could result from factors unrelated to CAs and certificates. To take but one example, it is possible that an attacker might exploit a non-SSL vulnerability in Mozilla to cause the browser's status bar and/or URL input field to display an incorrect site name when connecting to the attacker's web site.
That has been acknowledged before. Those other security risks should be the subject of separate discussions, outside the context of the CA cert policy for Mozilla.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
