NSS

Comment 10 for bug 310999

Presumably it was Comodo that underwent an audit to be added to Mozilla's
roots, and Comodo should not be allowed to delegate trust to their resellers
for domain validation. If, today, trust is delegated to their resellers, then
we can't trust Comodo, period.

Although disruptive, their trust bits should be suspended. The explanation to
users: "Those purporting to provide assurance about the site you are trying to
visit cannot be trusted. Please contact the site operator and advise them to
find a trustworthy certification authority."