NSS

Comment 101 for bug 310999

(In reply to comment #81)
> in the mean time we face a tradeoff between greater availability (and therefore
> deeper penetration) of SSL and dodgy certs... I'm not sure what the best
> solution is (and am perhaps more concerned about government interference with
> CAs than technical issues).

While I agree, Mozilla went leaps and bound in annoying users ad nauseam when they hit self-signed certificates. With FF4, it is now bugging me separately for each port where the self-signed cert is used - "thank you" very much. :-X

As this incident show, they are to be no more and no less trusted than those issue by so called "trusted" root CAs. Schizophrenic at best.

And yeah, the whole concept is broken, also on another note, IE and Chrome et. al. do the right thing to use *system* certificates, instead of bundling their own crap.