Ben Bucksch wrote:
Nelson Bolyard wrote:
A contract would probably have commitments both ways, implied if not
explicit.
Is that a bad thing?
Yes. We don't have *legal* control to yank roots anymore, only for the
reasons explicit in the contract. Right now, it's just a practical
prob
Nelson Bolyard wrote:
A contract would probably have commitments both ways, implied if not
explicit.
Is that a bad thing?
Yes. We don't have *legal* control to yank roots anymore, only for the
reasons explicit in the contract. Right now, it's just a practical problem.
For example, i
Gervase Markham wrote:
- Mozilla writes loads of code to detect each different type of CA
certificate and make sure that NSS knows what level it corresponds to
(or are we doing that bit by asking the CAs to include new OIDs?)
YES! Eddy explicitly said that. My "do this all ourselves" was just
Nelson Bolyard wrote:
Gervase Markham wrote:
Ben Bucksch wrote:
Actually, not even that is necessary. Classes each have their own root
cert, so we can simply match root certs to level in our software,
using a list that is just as hardcoded as our root certs, and matches
the assigned lev