Of what benefit is this to the user? If it's not marked as trusted, they get the same behavior as if the CA weren't listed.
Unless someone can describe a real user benefit, I would say we should not put untrusted CAs into the built-in list.
The only benefit I see to this is MF would verify the fingerprint of each certificate, and first instance that a user comes across a certificate signed by a CA a message box would popup asking what level of trust the user puts on the certificates. I doubt any CAs would be happy with this as you still put the onus on the user to understand all this. Which they mostly don't.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
