Nelson Bolyard wrote:
Arshad Noor wrote, On 2008-02-06 06:38:The issue isn't with certificates; it is with private keys.Arshad, I think e.kabarie is concerned with attacks that would inject bogus CA certs into the client's cert DB and mark them as trusted.
In the shared database case (NSS 3.12), the trust objects are also signed with the PBE.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
