I think this makes most sense as part of a hypothetical "probationary period" for CAs. In other words, make a quick decision as to whether to get a CA's cert into Mozilla, and then go through a lengthier decision process before turning the "trust" flags on.
Of what benefit is this to the user? If it's not marked as trusted, they get the same behavior as if the CA weren't listed.
Unless someone can describe a real user benefit, I would say we should not put untrusted CAs into the built-in list.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
