Re: A-Trust Root Certificate Inclusion Request

2007-06-27 Thread Eddy Nigg (StartCom Ltd.)
Under http://www.mozilla.org/projects/security/certs/pending/#id0x0e6c3390 it states: /a.trust is an accredited Trust Center in Austria issuing smartcard-based qualified certificates for Austrian citizens, to be used in eGovernment, etc./ Under section 6 of the Mozilla CA policy (http://www.m

Re: Proposal for improving the security of add-on updates

2007-06-27 Thread Eddy Nigg (StartCom Ltd.)
Hi Jean Marc, Jean-Marc Desperrier wrote: > > How effective has this approach been until now to block spam and spyware > ? E...how many times did you encounter and installed signed spyware and adware on your computer? I guess close to zero! Would all software one installs be singed by a ver

New protocol work of possible interest

2007-06-27 Thread Paul Hoffman
See . There has already been a lot of good discussion about the requirements, but more is certainly useful. The protocol would certainly be of use to Mozilla for updating the trust anchor store in Firefox, Thunderbird, and so on. --Paul Hoffman ___

Re: nss and mozilla database

2007-06-27 Thread cdolivei . bugzilla
> I was under the impression that this wasn't Cesar's primary goal, since > he previously wrote that "I am trying to understand certificate > authorities and how the process goes". > > So, for educational purposes, such a cert will do the trick. On the > other hand, if the XPI file should be distri

Entrust Root Certificate Inclusion Request

2007-06-27 Thread Gervase Markham
Entrust has applied to add some certs to the Mozilla root store, as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=382352 and in the pending certificates list here: http://www.mozilla.org/projects/security/certs/pending/ I have evaluated their request, as per the mo

A-Trust Root Certificate Inclusion Request

2007-06-27 Thread Gervase Markham
A-Trust has applied to add some certs to the Mozilla root store, as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=373746 and in the pending certificates list here: http://www.mozilla.org/projects/security/certs/pending/ I have evaluated their request, as per the mo

Re: Proposal for improving the security of add-on updates

2007-06-27 Thread Jean-Marc Desperrier
Gervase Markham wrote: > Jean-Marc Desperrier wrote: >> You don't care *who* the owner of the cert is. What you care about is >> if he intends to use his signing cert to distribute spyware >> extensions. And his identity tells you nothing about that. > > No, but it does tell you whose door the p