On 2009-06-22 15:10 PDT, Kyle Hamilton wrote:

>> https://wiki.mozilla.org/images/c/ce/BuiltIn-CAs.pdf
> Am I correct in inferring that to the best of your knowledge, if a root
> does not have a bug number associated with it, it is a "legacy" root (one
> that was inherited from Netscape/AOL)?

I don't think so. According to
https://bugzilla.mozilla.org/show_bug.cgi?id=233453#c12
Mozilla's Root CA cert policy went into effect in January 2006.

The full chronology of the additions of certificates to the list since
NSS version 3.0 in March 2000 is shown in
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&mark=1.38

I believe that all the certs added beginning with revision 1.38 (and all
later revisions) were added according to the Mozilla policy and process.

Some of the certificates added since then do not appear to have bug
numbers in the pdf file cited above. For example, NetLock's "Class QA"
cert was added in revision 1.39 in June 2006 per bug 313942, but no bug
number appears beside that cert in the pdf file.

> If so, this is an even more useful list so that we can see which roots
> need additional examination. :)

I think more work is needed to populate the table with all the relevant
bug numbers. Fortunately, the bonsai page shown above should be a great
starting place to find all the missing bug numbers.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto