Have I gotten this right? 1. Mozilla PKI client support (FF's TLS-client-auth, FF's signText and TB's S/MIME), requires that the CA certificate is known and trusted by the local client software?
If that is true I would consider it a major bug or at least a major nuisance because there is no smart card standard AFAIK that requires the card to contain anything but EE certs and associated private keys. 2.Even if cards were equipped with the entire cert-path the user would anyway have to edit trust or similar? Particularly for FF, the point with such a requirement is counterproductive since it makes the card non-mobile. Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
