In the Certificate Manager, Actively DIStrusted certificates, such as all of the DigiNotar certs, look the same as all of the other certificate authorities... The Security Device is set to "Builtin Object Token" Would it be possible to change the Security Device setting for such certificates to say something like "DIStrusted" so that they can be distinguished from the other root certificates that are included in NSS? Also, the end-entity certificates that are Actively DIStrusted are displayed in the Certificate Manager Servers list as Permanent Lifetime. Would it be possible to change the Lifetime setting to something like "DIStrusted" to indicate that these certs are only included so that they can be Actively DIStrusted?
I'm raising the importance of this bug, because I am getting inquiries from people who are concerned that Mozilla made a mistake and accidentally re-included DigiNotar CA certificates in Firefox 8. Also, I just checked, and I can simply Edit Trust and turn on the trust bits for these DigiNotar certs.
Severity: normal → major
Please see bug 733716 where I have started such work.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 733716
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.