: K-Meleon Forum
K-Meleon development related discussions.
[quote=guenter] [quote=deadlock] [color=#663300]>Looks like the Dutch exploit on Certs >was far greater than initially reported.[/color] You can provide a patch for users or build a GRE without those 200 certs if a full list of bad certs is made available. What happens if modern browsers detect a stolen/blacklisted certificate?[/quote] The problem is that no full list is available yet. They simply do not know. And worse - they have defaulted to disclose the full extent of the breach immidiately. So You could argue they are not to be trusted anymore. Other browser vendors seem to have revoked/removed the root certificate of this certificates authority/vendor because the extent of the breach is not clear yet. K-Meleon project can easily remove that root certificate also - even after the GRE has been build. Even the users can do it themselves. After that it says: unknown certificate or authority when one of their certs is encountered. :)[/quote]
K-Meleon forum is powered by