This sounds rather dangerously like a security-related design and implementation failure.
In fact, this sounds so much like such that if it were up to me, I'd mark this lack of functionality as 'critical/urgent' in the NSS design path and get it done before anything else.

-Kyle H

On Sun, Jun 22, 2008 at 9:49 AM, Frank Hecker <[EMAIL PROTECTED]> wrote:
> David E. Ross wrote:
>> Has the failure by Entrust to enforce its policies against DigiNotar
>> been brought to the attention of Entrust's auditors? I think it should.
>
> For the record, Entrust understands what our concern is and has been
> cooperative in trying to come up with a way to address it. However the
> problem is that even if Entrust were to revoke DigiNotar's intermediate
> CA certificate that would not help resolve the problem, for the reason I
> mentioned earlier (Firefox/Thunderbird et.al. don't do revocation checks
> for CA certs).
>
> Frank
>
> --
> Frank Hecker
> [EMAIL PROTECTED]
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto