David E. Ross wrote: > Recently, I visited the Web site of a bank where I have an account. The > site certificate caused the "Website Certified by an Unknown Authority" > popup to appear. The site certificate was signed by a Network Solutions > certificate, which in turn was signed by an AddTrust root certificate. > The AddTrust certificate is one of four from that certificate authority > that I had disabled but still have in my SeaMonkey configuration. > Enabling that root certificate allowed me to complete my visit to the > bank's Web site. > > AddTrust is still not on the WebTrust list. At the AddTrust Web site, I > can find no mention of any kind of outside audit, WebTrust or otherwise.
An informant adds the additional information: "A bunch of legacy roots have shifted hands and are used for cross certifying newer CAs for ubiquity. Geotrust has the old Equifax root, Godaddy and RSA have old Valicert roots, Comodo has a whole pack of 'em including UTN and AddTrust, etc etc." Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
