My apologies, Robin, and I did indeed misidentify the company involved. I was looking at the DigiNotar timeline and my brain crosswired the two. I truly am sorry. :( (FYI, http://www.networking4all.com/en/ssl+certificates/ssl+news/time-line+for+the+diginotar+hack/ )
However, the remainder of my comment stands. Is it time for Mozilla to implement a cross-certifier? Would NSS and PSM (once the appropriate fixes are made to make libpkix the default) be able to effectively handle revocation for such?
My apologies, Robin, and I did indeed misidentify the company involved. I was looking at the DigiNotar timeline and my brain crosswired the two. I truly am sorry. :( (FYI, http:// www.networking4 all.com/ en/ssl+ certificates/ ssl+news/ time-line+ for+the+ diginotar+ hack/ )
However, the remainder of my comment stands. Is it time for Mozilla to implement a cross-certifier? Would NSS and PSM (once the appropriate fixes are made to make libpkix the default) be able to effectively handle revocation for such?