I wholeheartedly believe that placing an arbitrary policy limitation in general-purpose software is ill-advised at best and reason for the product to be dismissed out of consideration for any usage at worst.
-Kyle H 2008/6/6 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > Rob Stradling: > > Another option would be to make a (small? :-) modification to NSS to > allow us to store an expiry date which overrode the one in the certificate. > > > Good idea. That would be much less hassle (compared to my proposal) for > both > the CAs and Mozilla. > > > Yes, that's perhaps a good thing to have anyway! > > Whenever a key is found whose "soft_insecure_after_date" is in the past, > NSS/Firefox/etc would warn the user, but allow them to choose to navigate to > the HTTPS site if they really want to. > Whenever a key is found whose "hard_insecure_after_date" is in the past, > NSS/Firefox/etc would warn the user and refuse to allow them to navigate to > the HTTPS site. > > > We need to make sure that this wouldn't affect other products, mainly > Thunderbird. But also for web sites I'm not sure how good that would be (the > hard fail), just imagine the hosting panel uses a certificate of an affected > key and now the poor guy can't even get in there changing the certificate. > > > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: [EMAIL PROTECTED] > Blog: Join the Revolution! > Phone: +1.213.341.0390 > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
