Why would Network Solutions be signed by AddTrust? Network Solutions owns Verisign.
You might want to verify out-of-band that the bank's site really does belong to the appropriate bank. -Kyle H On 4/2/07, David E. Ross <[EMAIL PROTECTED]> wrote: > Quite some time ago, I disabled root certificates in my Mozilla Suite > configuration where the issuing certificate authorities did not appear > in the WebTrust list at <http://www.webtrust.org/abtseals.htm>. This > carried forward into my current SeaMonkey configuration. Generally, > this has caused very few problems. > > Recently, I visited the Web site of a bank where I have an account. The > site certificate caused the "Website Certified by an Unknown Authority" > popup to appear. The site certificate was signed by a Network Solutions > certificate, which in turn was signed by an AddTrust root certificate. > The AddTrust certificate is one of four from that certificate authority > that I had disabled but still have in my SeaMonkey configuration. > Enabling that root certificate allowed me to complete my visit to the > bank's Web site. > > AddTrust is still not on the WebTrust list. At the AddTrust Web site, I > can find no mention of any kind of outside audit, WebTrust or otherwise. > > Are there any plans to examine legacy root certificates that are > currently installed with Mozilla products? Will they be subjected to > the same rigorous criteria that are required for proposed new > certificates? > > -- > > David E. Ross > <http://www.rossde.com/> > > Concerned about someone (e.g., Pres. Bush) snooping > into your E-mail? Use PGP. > See my <http://www.rossde.com/PGP/> > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- -Kyle H _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
