Comment 1 for bug 543183

Revision history for this message
Drew Scott Daniels (drewdaniels) wrote :

To remove fraudulent certificates like this recent one:
https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
a rebuild is required.
See the discussion at lwn.net at:
http://lwn.net/Articles/456798/#Comments

Note the comment about how Internet Explorer doesn't have to be rebuilt and the Microsoft Advisory at:
https://www.microsoft.com/technet/security/advisory/2607712.mspx

Maybe better Certificate Revocation List (CRL) support is needed.

I haven't yet submitted a bug upstream as Ubuntu may just want to fork for better enterprise support.

     Drew Daniels
http://www.boxheap.net/ddaniels/blog