The automatic root update is part of Windows XP and Windows 2003. Prior versions get the new root bundles using normal Windows Update.
Microsoft selected WebTrust for Certification Authorities as the standard for inclusion in the root store -- they also gave a window for CAs who were already in the root store to gain compliance with WebTrust for CAs. Part of the responsibilities a CA takes on with WebTrust is to continue ongoing audit procedures to maintain compliance. With the update, Microsoft can remove CAs that fall out of line. I do not know if this has actually occurred, or if they can remove CAs that have been manually trusted by the user (ie as a countermeasure against rogue CAs). _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
