> This is a change in Firefox 6.0.2 where they list them so they can explicitly > distrust them. If you click on Aurora->Preferences (or Options, I think, in > Windows)->View Certificates->then click on any of the DigiNotar things > present, > it will say at the top "Explicitly Distrust [...]".
Ah, nice, I hadn't noticed this! > You can see some more of that here: > https://hg.mozilla.org/releases/mozilla-release/rev/55b5cd1ce8fe > > This basically superseded our (and their) patches, and I think the reason > there > are so many more listed is because they got all of them, including > intermediaries. To be honest, while Mozilla has been very helpful and > responsive to us, we don't have complete insight into their decision-making > processes so we are trusting them to do the right thing here, at least right > this minute with the given time-constraints. When things have settled down a > bit more we will probably revisit how TBB handles certs overall. In essence, > there has been a lot of turbulence with this release (which happened 2 weeks > early because of this mess, and then went through a bunch of rapid changes > immediately after) so everything is a bit wobbly. Yes, this SSL kerfuffle is causing big headaches ... > We're going to be making some more radical changes and the build/QA team is > basically just me, for all platforms, except when other devs & volunteers > pitch > in. Would you be interested in helping us out with better testing? Yep, ping me off list each time you've got a new release ready. (Debian 5 (haven't got around to upgrading yet ...)) May take me a few days to test, but I certainly will! (Will also force me to upgrade and keep current ...) -C _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
