Nelson, Thank you, that did clarify a lot.
One follow-on question... Does the trust flags always override certificate type and extensions? For instance, if a certificate did not have the "basic constraint" extension needed for CA certifcate and if that certifcate's trust were modified to be a "trusted CA" what would be behaviour? Thanks you SN _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
