Kyle Hamilton wrote:
> Why would Network Solutions be signed by AddTrust?  Network Solutions
> owns Verisign.
> 
> You might want to verify out-of-band that the bank's site really does
> belong to the appropriate bank.
> 
> -Kyle H
> 
> On 4/2/07, David E. Ross <[EMAIL PROTECTED]> wrote:
>> Quite some time ago, I disabled root certificates in my Mozilla Suite
>> configuration where the issuing certificate authorities did not appear
>> in the WebTrust list at <http://www.webtrust.org/abtseals.htm>.  This
>> carried forward into my current SeaMonkey configuration.  Generally,
>> this has caused very few problems.
>>
>> Recently, I visited the Web site of a bank where I have an account.  The
>> site certificate caused the "Website Certified by an Unknown Authority"
>> popup to appear.  The site certificate was signed by a Network Solutions
>> certificate, which in turn was signed by an AddTrust root certificate.
>> The AddTrust certificate is one of four from that certificate authority
>> that I had disabled but still have in my SeaMonkey configuration.
>> Enabling that root certificate allowed me to complete my visit to the
>> bank's Web site.
>>
>> AddTrust is still not on the WebTrust list.  At the AddTrust Web site, I
>> can find no mention of any kind of outside audit, WebTrust or otherwise.
>>
>> Are there any plans to examine legacy root certificates that are
>> currently installed with Mozilla products?  Will they be subjected to
>> the same rigorous criteria that are required for proposed new
>> certificates?
>>

There is NO Network Solutions root certificate in SeaMonkey.  There are
four AddTrust root certificates in SeaMonkey.  Enabling AddTrust
External CA Root (only one of the four) allowed me to view my monthly
statement (which I had never seen before but which was consistent with
all my transactions) without having to accept the bank's site
certificate or install a Network Solutions certificate.

-- 

David E. Ross
<http://www.rossde.com/>

Concerned about someone (e.g., Pres. Bush) snooping
into your E-mail?  Use PGP.
See my <http://www.rossde.com/PGP/>
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
