For many use cases, my suggestion eliminates the need to bundle CA certificates in the browser.
I suggest not. After all, if we make unknown CAs look just like an HTTP connection, why could Hugo not just use an HTTP connection? The fact that he doesn't want to suggests that something more is required.
That's not to say that it's not a good idea, but I don't think it will help Hugo.
Currently, the purpose in bundling a CA certificate in the browser is:
A. Eliminate the pop-up dialog that appears when a new CA is encountered.
B. Distribute the public key of the new CA.
That's not the whole story. If it were, we would include every CA which applied without any vetting at all. Bundling the certificate must therefore mean something else as well.
Gerv
