The issue isn't number, it's frequency. Your favorite competitor has LOTS of roots in the list. Frequency of new requests is extremely low, years between them.
Actually read below for why we had to update our last root certificate...
Um, IINM, checking CRLs is a feature that is turned on in the advanced options part of the Internet Control panel, and is OFF by default (probably for the same reason as in mozilla). BTW, I will shortly start a thread here about the issue of turning CRL and OCSP checking on by default. Please join that thread also.
In IE6 (at least some of the more recent versions) our original root certificate started to fail for IE users because it didn't contain a CRL, and recent versions of outlook were also exhibiting the same behavour, basically MS had changed the default from off, to on and well yea, was an interesting situation to be in.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
