On 12/27/2008 03:07 PM, Gervase Markham:
> This is extremely common. Certificates change hands. Failing to honour root certificates which are no longer owned by the companies which created them would break a significant proportion of the web. Microsoft does not have a policy preventing this.
In itself I've raised concern about it previously. Whether Microsoft is preventing it or not isn't really relevant. If we look at the issue more closely, then we will realize (maybe) that companies can change hands, but not root certificates. If common policies are applied to roots as they are applied to end-user (and even intermediate CA) certificates, then roots which change any of the listed parameters must be revoked and a new certificate created with the corrected and updated information. This is a common requirement of digital certificates at large.
In this case, I knew to whom the affected root belonged, even though it listed an unrelated company from Sweden or Utah. Others would simply not know. If a user must start research in a field not familiar to him and/or has to contact the browser vendor in order to know who the issuer is, I think we have a problem.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org