Michael Ströder wrote, On 2008-07-25 06:13: > Nelson B Bolyard wrote: >> I suggest you look at >> http://developer.mozilla.org/en/docs/NSS_Certificate_Download_Specification >> for ideas on importing certs. > > I wonder why Mozilla doesn't support application/pkix-cert and > application/pkix-crl specified in http://www.rfc-editor.org/rfc/rfc2585.txt
It's a matter of PSM and UI design issues. All issues with MIME content types are decided in the browser, not in NSS. At cert download time, there are various decisions we might ask the user to make, depending on the type of cert being downloaded. For example, when downloading a CA cert, it is appropriate to ask the user to make trust decisions about the cert. The user would be expected to make different decisions or take different actions for - his own personal user certs, vs - certs for other servers or other email correspondents, vs - CAs. It's often not easy to tell which of those roles is appropriate for a cert being downloaded. The MIME content type gives the browser a big clue about which of those 3 categories encompass the downloaded cert. Without those clues, the UI would need to ask the user more questions, and these are the types of questions that users are very likely to completely fail to understand. The bottom line is: supporting a MIME content type that says nothing about the way in which the cert will be used will require additional PSM UI work and the browser's UI czars aren't motivated to do it. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
