David E. Ross wrote: > Are there any plans to examine legacy root certificates that are > currently installed with Mozilla products? Will they be subjected to > the same rigorous criteria that are required for proposed new > certificates?
That's a good question. We are currently focussing on clearing the (multi-year) backlog of certificate inclusion requests. Once that is done, we will consider attempting to gather an equivalent amount of documentation on existing roots, and perhaps removing or disabling roots which do not fit our criteria, or are no longer used. Anyone who would like to help with this work would be very welcome - please let me know. Additional resources would make it happen a lot quicker. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
