On 07/04/2009 02:20 PM, Anders Rundgren:It's not a good idea to place
the CA certificate on the token because
I think it is Firefox that's confusing.
Sure, it's a bug. If the CA root is trusted in the "software security
device", its trust bits should not be overridden by the same CA
certificate on the token....but alas...
I don't know what Firefox 3.5 does, but in MSIE you can authenticate with
an EE certificate, the path is built automatically using AIA CA issuers and
you don't have to trust the EE certificate either, that is for the RP to cater
for.
I've been begging for this feature to be implement, to no avail...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
