even if Mozilla did get the cert immediately into the latest firefox, there are still major problems caused by ipsCA.

IE8 + latest mozilla only account for a small amount of users of these certs. Our web logs show 30% of IE users are still on IE6. How long would it take for someone to update their mozilla also?

Basically ipsCA acted as if it would be no problem to get a cert on every desktop on the planet in a couple months. Incredible.

They needed to start a couple years ago, get the cert into windows first (root cert updates, which btw aren’t deemed critical updates), or into a windows service pack (e.g. XP SP3 etc). they also needed to get it into every major piece of software that ships a bunch of root certs, such as mozilla, chrome, a bunch of java distrs etc etc etc.

So the fact they only generated that cert a couple months before d-day, just really shows what turkeys they are. I’m with Mozilla on this one, it doesn’t engender a sense of trust.

It seems to me that Mozilla is saying it’s my ball and if you don’t like it I’m taking it with me and going home. This is the antithesis of what Open Source should be about in my opinion, and because of this attitude I am contemplating changing my default browser to Google Chrome. I’m not a really a huge fan of Google, but I am quickly becoming not a fan of Mozilla as well. Any allegiance I may have had is waining fast.

This root expiry therefore compounded the issue.

I reminded ipsCA their root would expire last Jan in a support ticket (query about what would happen to my certs). They have known about the issue since the cert was generated 11 years ago. Why did they wait til the last minute to generate a new root (sep 09)????

It’s commercial suicide. I don’t expect to see them round much longer. Do a search, see how many customers are jumping ship.