On 10/23/2008 12:34 AM, Julien R Pierre - Sun Microsystems:
However, in this particular case, for all NSS-based software - a manual solution exists for older applications : simply mark the root as untrusted.
If they happen to hear about it. Or if they happen to use an updated NSS library. However reality shows that it takes quite some time until a new version of NSS seeps to the application level, including with Mozilla's own products (which would be by far the fastest). I'd expect that in an emergency a new FF/TB/SM etc. version would be shipped, but for those outside of Mozilla making use of NNS it might take month, even years.
I've mentioned initially at this thread, that revocation of CA roots has its problems, but I haven't been able to define something better with current tools. Apparently there is a shortcoming which needs to be addressed at some point.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
