At 7:16 PM +0100 12/25/08, Michael Ströder wrote: >I'd tend to punish a rogue CA by removing their root CA cert from NSS. >Maybe this serves as a good example to other CAs that the Mozilla CA >policy is really enforced. Otherwise nobody will care.
This is Firefox we're talking about, not IE. Do you really think that this is going to help end users, or just hurt people who bought certificates from the lax (not rogue) CA? Like most punishment, the origin is more often the desire of the punisher to feel powerful. In this case, it is also for financial gain by the first one to propose the punishment, of course, but the base desire is the same. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto