Quite some time ago, I disabled root certificates in my Mozilla Suite configuration where the issuing certificate authorities did not appear in the WebTrust list at <http://www.webtrust.org/abtseals.htm>. This carried forward into my current SeaMonkey configuration. Generally, this has caused very few problems.

Recently, I visited the Web site of a bank where I have an account. The site certificate caused the "Website Certified by an Unknown Authority" popup to appear. The site certificate was signed by a Network Solutions certificate, which in turn was signed by an AddTrust root certificate. The AddTrust certificate is one of four from that certificate authority that I had disabled but still have in my SeaMonkey configuration. Enabling that root certificate allowed me to complete my visit to the bank's Web site.

AddTrust is still not on the WebTrust list. At the AddTrust Web site, I can find no mention of any kind of outside audit, WebTrust or otherwise.

Are there any plans to examine legacy root certificates that are currently installed with Mozilla products? Will they be subjected to the same rigorous criteria that are required for proposed new certificates?

--
David E. Ross
<http://www.rossde.com/>

Concerned about someone (e.g., Pres. Bush) snooping into your E-mail? Use PGP.
See my <http://www.rossde.com/PGP/>

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto