Could this inclusion without services (i.e. just a recognition that the CA exists) meet my requirement that Mozilla recognize the certificate from my own personal sendmail server using SSL port 995 without constantly getting the Domain Name Mismatch message for localhost.localdomain every time I check for mail?

All I'm after here is that my software recognize that the server is indeed who it says it is, and any certificate I can generate on my server without reference to some external CA is obviously not going to be acceptable on the public Internet. I've been using FreeSSL as my CA - but they keep getting ever more expensive, now it's a $50 annual fee for the cheapest option. (So Free isn't free any more!)

Nelson B wrote:
There are some other threads in this newsgroup about the criteria by
which mozilla.org should choose to add root CAs to its built-in list
of trusted CAs.  Maybe there's a simpler solution.

Mozilla's built-in list contains a bunch of root CA certs, AND it
contains trust information about each one, indicating for each cert
whether it is trusted for SSL, for SMIME, for code signing, etc.

IIRC, today, the list contains only CAs that are trusted for at least
one of those services.  It does not presently include any CAs that are
trusted for nothing.  But there is no technical reason why it couldn't.

New root CAs could be added to the built-in list without any trust
flags while mozilla.org decides whether to give trust or not.

Does that idea meet any needs? Whaddaya think?

--
Nelson B



_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto