Frank Hecker wrote: > Do you mean the UTN-UserFirst-Hardware root? According to the screenshot > on your blog post, that's the root the bogus cert chains up to. Also, if > we were to take action of this general sort (as a hypothetical), what > about adding the PositiveSSL CA cert to NSS with the SSL trust bit > disabled; wouldn't that accomplish the same purpose, without interfering > with other parts of the hierarchy under the UTN-UserFirst-Hardware root? > (I seem to recall we've discussed this sort of thing in the past.)
This was the first thing that occurred to me as well. Can anyone (Nelson?) tell us definitively if this is possible? I would assume it is, but it would be good to get confirmation. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
