Comment 117 for bug 310999

My apologies, Robin, and I did indeed misidentify the company involved. I was looking at the DigiNotar timeline and my brain crosswired the two. I truly am sorry. :( (FYI, http://www.networking4all.com/en/ssl+certificates/ssl+news/time-line+for+the+diginotar+hack/ )

However, the remainder of my comment stands. Is it time for Mozilla to implement a cross-certifier? Would NSS and PSM (once the appropriate fixes are made to make libpkix the default) be able to effectively handle revocation for such?