Am 2012-02-27 15:30, schrieb Stephen Schultze: > Bucket C: > - Disable cert overrides for *very old* expired certs (might not be in > any CRLs anymore)
This might become a problem if some embedded devices create self-signed certs valid only in 1970 or something equally intelligent. Not allowing users to access their devices at all could be quite annoying. Is there at least a hidden pref that advanced users can set to be able to get cert overrides? I do understand the idea (without this, time will allow revoked certs to be overriden again), but the certs will still be considered invalid. I think a stricter expiration warning could be more appropriate. Kind regads, Jan -- Please avoid sending mails, use the group instead. If you really need to send me an e-mail, mention "FROM NG" in the subject line, otherwise my spam filter will delete your mail. Sorry for the inconvenience, thank the spammers... _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security