Brian,

It has been well over 3 years since the cross-certification looping bug
described in Bug #479508 and Bug #634074 was first filed. It was
decided that the proper fix was to wait for Firefox to migrate to
libpkix by default. We and our customers have been waiting patiently
for this fix.

The effects of this bug have apparently been getting worse over time,
and we don't believe that we can tolerate it for very much longer.

Might there be a Firefox 13.x point-release that will enable libpkix by
default?

Will Firefox 14 enable libpkix by default?

Or can you say that enabling libpkix by default will definitely not
happen until Firefox 15 or later?

If you're reasonably sure it won't happen by Firefox 14, my CTO has
asked me to urgently i) attempt to write an ugly kludge of a patch to
fix the bug in the "old" certificate verification library and then ii)
petition Mozilla and the NSS team to accept my patch and ship it in
Firefox 14 or sooner.

Thanks.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto