Paul Hoffman wrote: > At 1:16 PM -0800 12/30/08, Nelson B Bolyard wrote: >> I should have written: digital signatures on certificates. >> The patch that I wrote only affects signatures on digital certificates. > > Good. I am quite concerned if we start affecting signatures in things like > Thunderbird.
Why is that any different? The fake CA these guys produced could be used to issue forged S/MIME certs too. Or authenticode certs. This problem is NOT limited to SSL. Or am I completely misunderstanding you? -Dan Veditz _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
