[plorkyeran]

> Maybe a fork of NSS would be a better plan.

Is forking it actually needed? I was under the impression that Mozilla has many of the same complaints about the current state of NSS as the Chrome team and merely don't want to dedicate the resources to cleaning it up.

[handsomeransoms]

"Don't want to" is a bit uncharitable. We want to, but have limited resources and a lot to do. We actually recently rewrote the certificate validation library and it is currently on Nightly. Check it out!

Of course, it is open source, so patches are always welcome. (Firefox dev here)