Wen-Cheng Wang <capuchin...@gmail.com> writes: >Actually, we have tested the capabilities of many browsers in the wild and >found they can live peacefully with our PKIX-compliant root certs.
Ah, OK. That's the right way to do it. >They are not so weak as you might think. I bet I can create PKIX-compliant certs (specifically, cert chains) that would break any browser :-). But yeah, if you go and test each browser you can create lowest-common-denominator certs that should work in general. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy