On Tue, Dec 23, 2008 at 5:14 AM, Frank Hecker <hec...@mozillafoundation.org> wrote: > Eddy Nigg wrote: >> >> Disabling the trust bits of "AddTrust External CA Root" could be a >> temporary measure to prevent damage to relying parties until Mozilla >> receives full report and disclosure from Comodo about its resellers and >> conclusion of their investigation. > > Do you mean the UTN-UserFirst-Hardware root? According to the screenshot on > your blog post, that's the root the bogus cert chains up to. Also, if we > were to take action of this general sort (as a hypothetical), what about > adding the PositiveSSL CA cert to NSS with the SSL trust bit disabled; > wouldn't that accomplish the same purpose, without interfering with other > parts of the hierarchy under the UTN-UserFirst-Hardware root? (I seem to > recall we've discussed this sort of thing in the past.)
What is the effect of this problem on the request to enable the UTN-UserFirst-Hardware root for EV, https://bugzilla.mozilla.org/show_bug.cgi?id=401587 ? -Kyle H _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
