On 12/27/2008 5:07 AM, Gervase Markham wrote [in part]:
> Hi John,
>
> You raise some important questions, but it's worth having clarity on a
> few matters of fact.
>
> John Nagle wrote [also in part]:
>> 1. AddTrust, a company which apparently no longer exists, has an
>> approved root CA certificate. This in itself is troublesome.
>
> This is extremely common. Certificates change hands. Failing to honour
> root certificates which are no longer owned by the companies which
> created them would break a significant proportion of the web. Microsoft
> does not have a policy preventing this.

I would sometimes encounter a secure site with a certificate from a root not in the Mozilla database. The root would be from a CA that no longer existed. Using the WebTrust list of certified CAs (a list that no longer appears on the Web), I would be able to trace the changes in ownership of such CAs and determine for myself whether the root was indeed certified by WebTrust. If the root were certified by WebTrust, WebTrust's list would even have a link to the current CA's Web site, from where I could download and install the root. This process is no longer available to users, now that WebTrust no longer maintains a public list of certified CAs.

--
David E. Ross
<http://www.rossde.com/>

Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons.