Eddy,
Eddy Nigg wrote:
> On 10/23/2008 12:34 AM, Julien R Pierre - Sun Microsystems:
>> However, in this particular case, for all NSS-based software - a manual
>> solution exists for older applications: simply mark the root as
>> untrusted.
>
> If they happen to hear about it. Or if they happen to use an updated NSS
> library. However reality shows that it takes quite some time until a new
> version of NSS seeps to the application level, including with Mozilla's
> own products (which would be by far the fastest). I'd expect that in an
> emergency a new FF/TB/SM etc. version would be shipped, but for those
> outside of Mozilla making use of NSS it might take months, even years.

If a root ended up being compromised and we heard about it, I can assure
you that we would produce a new NSS release with an updated root cert
module with all due haste - meaning probably within a couple of business
days.
The NSS team always maintains at least 2 versions - a "stable branch"
(currently 3.11.x) and current development version (currently the trunk,
which is 3.12.x).
FF/TB/SM are indeed often reluctant to take NSS updates when they
contain functionality updates, but I'm sure that for such a major
security problem they would pick up the update as soon as it's available.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto