yes. I remove all ca's, and rebuild the list only for those SITES where I trust the site owners ( not cert authority at all, as they only issue certs for money. it has to be for sites not authorities )
so, instead of including a ca list, let end user build a list of trusted sites.
How do you know you aren't being subjected to a MITM attack at the time you add the cert of each site?
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
