Stephen Davidson wrote:
The automatic root update is part of Windows XP and Windows 2003. Prior
versions get the new root bundles using normal Windows Update.
Microsoft selected WebTrust for Certification Authorities as the standard
for inclusion in the root store -- they also gave a window for CAs who were
already in the root store to gain compliance with WebTrust for CAs.
Part of the responsibilities a CA takes on with WebTrust is to continue
ongoing audit procedures to maintain compliance. With the update, Microsoft
can remove CAs that fall out of line.
I do not know if this has actually occurred, or if they can remove CAs that
have been manually trusted by the user (ie as a countermeasure against rogue
CAs).
I suppose a question for Frank would be, what should
MF do when Microsoft drops XYZ CA from its list?
I'm guessing the answer is the same as always, it
would be treated as one possible input to a review
of the MF default root list.
iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
