<snip> Eddy Nigg wrote: >> So, My advice is: just say no. Don't take on the burden of adding a >> new root CA cert every year when there is no good need. Please consider >> this an objection to including those roots in the root CA list.
>As indicated earlier, I think it unreasonable as well. And this is >really unfortunate, since it could have done a lot of good for S/MIME, >specially when considering the high usage/market share of Mozilla >products in Germany and the chance to have some 40 million potential >users encrypting mail. Although Swedish authorities have done a lot of strange things in PKI, I am happy that their broken scheme doesn't allow verification by clients [*], since that could have caused major help-desk issues if people believed that encrypted mail actually is a working application :-) Anders *] Root is secret and OCSP calls require a contract + requester certificate _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto