Jean-Marc Desperrier wrote:
Nelson B wrote:
rhkelly wrote:
> It is erroneous to assume that such criteria would be the same for all
> users of Mozilla (or any other "tool-class" software package).
But all users of Mozilla (as distributed by mozilla.org) get the same
list. There is one list, and there is one criteria for that list.>
I like the approach of you can choose the list of root ca you accept,
and there is a proposal only list with Mozilla.
This puts the choice in the hand of the user, deviates the libalility
away from Mozilla without having the inconvenience of excluding away any
organisation that can not spend big amount to an independant auditor
cabinet.
I think one manageable way to handle this would be an additional
installation screen to choose the list you trust, and maybe none
directly endorsed by Mozilla.
See the thread with the subject
"Should mozilla's built-in CA list include untrusted CAs?"
Sounds to me like you might favor that idea.
Yes? Please comment in that thread.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
