This proposal is related to all the discussion about how to select the
correct list of root CA for Mozilla, but is a slightly different way of
looking at things.
The idea is that there is no way of selecting a single list of CA that
will make everybody really happy.
On the other hand, any solution where the use has to decide on a one by
one CA level is not manageable.
So this proposal would be that Mozilla would get away of imposing to all
users a single built-in trusted CA, but instead distribute several
trusted CA list, with a description of the origin of each list, how it
is created, and let the users decide what is best for them.
This list should of course be made short and in a way so not to confuse
the users.
The first item in the list would logically be the AICPA list, with the
indication it's the same list as IE.
Then could come a more open list, that a CA could get it without paying
as much as in AICPA list, and that maybe could reject some AICPA members
based on the motive of recorded misbehavings.
Technically if this is done during install, the install just has to
replace the default built-in cert file with the one selected.
So, this does not ask for change in PSM/NSS.
Maybe some more items on the list would be useful, like "same as old
Netscape 4.7".
The list might end with a link to a page having a more comprehensive
list. Of course, that page would then include instructions on how to
change the trusted list after installation. (or/and have an about:trust
that points to this page ?)
PS: In fact, the mechanism I propose here is not something I first
thought about in this context.
The problem of not been able to choose a single universal list is
similar in Apache for the "file extension/Mime-type" association in
mime.conf file, that today has very selective filters for entry.
They make many people, and in fact even Mozilla, unhappy.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
- Re: Proposal : Installable trusted CA list Jean-Marc Desperrier
- Re: Proposal : Installable trusted CA list rhkelly
- Re: Proposal : Installable trusted CA list John Gardiner Myers
- Re: Proposal : Installable trusted CA list Nelson B
- Re: Proposal : Installable trusted CA li... Jean-Marc Desperrier
- Re: Proposal : Installable trusted CA list Julien Pierre
