I forgot to include the following point. On 4/24/2015 11:32 PM, David E. Ross wrote: > > However, all certification authorities whose root certificates are in > the NSS database have indeed undergone community review.
How else can you explain that a single request to Mozilla from a certification authority can encompass more than a single root of that authority? I have been following the reviews of such requests for a number of years. A certification authority owning more than one root does not submit a separate request for each root; only a single bugzilla.mozilla.org bug report is submitted. The review is collective, covering the overall certification authority and its multiple roots. Furthermore, the audit reports required by Mozilla address the entire certification authority. -- David E. Ross I am sticking with SeaMonkey 2.26.1 until saved passwords can be used when autocomplete=off. See <https://bugzilla.mozilla.org/show_bug.cgi?id=433238>. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
