In their newsletter last night
(http://www.privsoft.com/archive/nws-who.html), PSC software (BOClean)
indicated that they believe that NSSCKBI.DLL contains some questionable
and demonstratively untrustworthy certificate authorities. Their
initial reaction was to include the file in their definitions and offer
to remove it. After complaints that this was a false positive and after
finding that removing the file broke Mozilla products, they removed
NSSCKBI.DLL from their definitions, reissued the update, and published
their newsletter explaining the course of events. They continue to
believe that the file (or rather some of the CAs in the file) is
untrustworthy but don't want to break FF.
Many of us rely heavily on FF's indication that a site is safe before we
enter personal or financial info. Please comment on whether you
consider PSC's concerns reasonable, and if so, whether an effort will be
made to remedy this problem.
F/Us set to mozilla.dev.security
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto