Jean-Marc Desperrier wrote:
> Nelson B wrote:
>> [...]. mozilla treats SSL server certs like code
>> signing certs for JavaScript served over https, IINM, [...]
> I really don't believe so.
> Well, it shouldn't be very difficult to test. If it works, I'll be
> amazed at how convenient it is, but it's just too convenient; there are
> many SSL sites on which I go that I don't trust to access all that signed
> js can access.

That is a policy of the application, not of NSS, BTW.
I objected to it for the reason that the subjects of SSL certs are
typically subjected to less authenticity checking than code signing
certs, and this policy allowed the lesser assurance certs to be used
as code signing certs. But the application folks seemed to want
added convenience more than the added security, IMO.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto