Comment 151 for bug 232340

Per my comments in bug 289077 I'm approving inclusion of the StartCom root CA certificate in NSS/Mozilla; trust bits should be set for SSL server use and S/MIME email use. The bit for object signing should be OFF, as StartCom does not issue object signing certificates at present and is not planning to do so in the foreseeable future.

The CA certificate itself is located at <http://cert.startcom.org/ca.crt>. Its SHA-1 fingerprint is 95E6 ADF8 D771 4602 4DD5 6A21 B2E7 3FCD F23B 35FF as listed on the StartCom FAQ page <http://cert.startcom.org/?lang=en&app=110>, and computed by NSS when downloading the cert in question. I've double-checked the fingerprint via a phone call with Eddy Nigg of StartCom.