> I am new to this forum, so I apologize if this issue has been addressed > already. However, I have searched the newsgroup archives and bugzilla > and haven't found any related threads, so here goes:
Frank has a *draft* policy page here: http://www.hecker.org/mozilla/ca-certificate-policy/ > Does Mozilla/NSS have a policy for adding "Intermediate Certification > Authorities"? In particular, I am interested in the "Starfield Secure > Certification Authority", owned by "Starfield Technologies, Inc." > (a.k.a. GoDaddy).... > They are certified by WebTrust (description below). Others will no doubt explain precisely how to do it, but the basic process is to file a bug with Bugzilla (see point 5 above link). If a WebTrust is in hand, then it's currently a process issue. > In the IE Certificates window, there is a tab for "Intermediate > Certification Authorities". There are currently 18 (at least on my > system) CAs listed here, including Starfield and several other providers > (6 are for Microsoft themselves). There is no similar tab in the > Firefox Certificate Manager, so perhaps this functionality would need to > be added first, presenting additional complications. I for one don't see the point of differentiating. The main criteria that is *currently* used is whether there is a WebTrust or equivalent. Beyond that, I can't see any point in expending time and effort on showing more information on the cert validation chain, when the basic attacks are avoiding SSL and certs altogether. But, see elsewhere for rants on how the brand of the CA should be writ large and bright, and not tucked away in some obscure "Certificates" tab somewhere. iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
