ongoing help content updates per bugzilla 122806 & ADT, r=oeschger; latest security-related updates.

extensions/help/resources/locale/en-US/certs_help.html

@@ -202,7 +202,9 @@ Here you specify whether you want to trust the selected certificate for identify
  
 <p>&nbsp;</p>
 <a NAME="importing_a_certificate_chainSDX"></a>
+<a NAME="importing_intermediate_CA certificatesSDX"></a>
 <a NAME="certificates:importing_chained_CAIDX"></a>
+<a NAME="certificates:intermediate_CAIDX"></a>
 <a NAME="CA_Certificates"></a><hr>
 <h2>Authorities</h2>
 
@@ -233,6 +235,8 @@ Here you specify whether you want to trust the selected certificate for identify
 
 <p>The root and intermediate CAs all appear under the same organization. The root certificate is the one that lists itself as the the issuer.
 
+<p><b>If you download an intermediate CA:</b> If you download an intermediate CA certificate that chains to a root certificate already marked as trusted in your browser, you dont have indicate what purposes you trust it for. Intermediate certificates automatically inherit the trust settings of their roots.
+
 
 <p>&nbsp;</p><a NAME="Edit_CA_Certificate_Settings"></a><hr>
 <h3>Edit CA Certificate Trust Settings</h3>
@@ -287,7 +291,7 @@ Here you specify whether you want to trust the selected certificate for identify
 </ul>
 
 <hr>
-<p><i>30 May 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>

extensions/help/resources/locale/en-US/certs_help.xhtml

@@ -202,7 +202,9 @@ Here you specify whether you want to trust the selected certificate for identify
  
 <p>&nbsp;</p>
 <a NAME="importing_a_certificate_chainSDX"></a>
+<a NAME="importing_intermediate_CA certificatesSDX"></a>
 <a NAME="certificates:importing_chained_CAIDX"></a>
+<a NAME="certificates:intermediate_CAIDX"></a>
 <a NAME="CA_Certificates"></a><hr>
 <h2>Authorities</h2>
 
@@ -233,6 +235,8 @@ Here you specify whether you want to trust the selected certificate for identify
 
 <p>The root and intermediate CAs all appear under the same organization. The root certificate is the one that lists itself as the the issuer.
 
+<p><b>If you download an intermediate CA:</b> If you download an intermediate CA certificate that chains to a root certificate already marked as trusted in your browser, you dont have indicate what purposes you trust it for. Intermediate certificates automatically inherit the trust settings of their roots.
+
 
 <p>&nbsp;</p><a NAME="Edit_CA_Certificate_Settings"></a><hr>
 <h3>Edit CA Certificate Trust Settings</h3>
@@ -287,7 +291,7 @@ Here you specify whether you want to trust the selected certificate for identify
 </ul>
 
 <hr>
-<p><i>30 May 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>

extensions/help/resources/locale/en-US/mail_sec_help.html

@@ -86,7 +86,7 @@
 <h3>
 How Encryption Works</h3>
 
-<p>To encrypt an email message, you must have an encryption certificate for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. 
+<p>To encrypt an email message, you must have an <a href="glossary.html#encryption_certificate">encryption certificate</a> for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. 
 
 <p>If you don&apos;t have a certificate for even a single recipient, the message cannot be encrypted.
 
@@ -94,13 +94,22 @@ How Encryption Works</h3>
 
 <p>&nbsp;</p>
 <a NAME="get_mail_certs"></a>
+<a name="LDAP:fetching_certificatesIDX></a>
+<a name="LDAP_certificate_fetchingSDX></a>
 <h2>Getting Other People's Certificates</h2>
 
 <p>Every time you send a digitally signed message, your encryption certificate is automatically included with the message. Therefore, one of the easiest ways to obtain someone else's certificate is for that person to send you a digitally signed message. 
 
 <p>When you receive such a message, the person's certificate is automatically stored by the <a href="certs_help.html">Certificate Manager</a>, which is the part of the browser that keeps track of certificates. This is useful because you need to have a certificate for each recipient of any email message that you want to send in encrypted form.
 
-<p>You can also obtain certificates by looking them up in a public directory, such as the &quot;phonebook&quot; directories maintained by many companies.
+<p>Another way to obtain certificates is to look them up in a public directory, such as the &quot;phonebook&quot; directories maintained by many companies.
+
+<p>It's also possible to look up certificates automatically.  This feature is controlled by <a href="mail_help.html#PREFERENCES_MAILNEWS_ADDRESSING">Mail & Newsgroups Preferences - Addressing</a> or <a href="mail_help.html#addressing_settings">Mail & Newgroups Account Settings - Addressing</a>, which can be configured to look up recipients&apos; email addresses in a directory. 
+
+<p>When you are using any account that is configured to look up addresses in a directory, the same directory will be searched for matching certificates when you attempt to send an encrypted message to one or more recipients for whom you don't have certificates on file. 
+
+<p>The directory will also be searched for missing certificates when you open the drop-down menu below the Security icon in the Compose window and choose View Security Info.
+
 
 
 <p>&nbsp;</p>
@@ -272,7 +281,7 @@ How Encryption Works</h3>
 <hr>
 
 
-<p><i>5 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>

extensions/help/resources/locale/en-US/mail_sec_help.xhtml

@@ -86,7 +86,7 @@
 <h3>
 How Encryption Works</h3>
 
-<p>To encrypt an email message, you must have an encryption certificate for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. 
+<p>To encrypt an email message, you must have an <a href="glossary.html#encryption_certificate">encryption certificate</a> for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. 
 
 <p>If you don&apos;t have a certificate for even a single recipient, the message cannot be encrypted.
 
@@ -94,13 +94,22 @@ How Encryption Works</h3>
 
 <p>&nbsp;</p>
 <a NAME="get_mail_certs"></a>
+<a name="LDAP:fetching_certificatesIDX></a>
+<a name="LDAP_certificate_fetchingSDX></a>
 <h2>Getting Other People's Certificates</h2>
 
 <p>Every time you send a digitally signed message, your encryption certificate is automatically included with the message. Therefore, one of the easiest ways to obtain someone else's certificate is for that person to send you a digitally signed message. 
 
 <p>When you receive such a message, the person's certificate is automatically stored by the <a href="certs_help.html">Certificate Manager</a>, which is the part of the browser that keeps track of certificates. This is useful because you need to have a certificate for each recipient of any email message that you want to send in encrypted form.
 
-<p>You can also obtain certificates by looking them up in a public directory, such as the &quot;phonebook&quot; directories maintained by many companies.
+<p>Another way to obtain certificates is to look them up in a public directory, such as the &quot;phonebook&quot; directories maintained by many companies.
+
+<p>It's also possible to look up certificates automatically.  This feature is controlled by <a href="mail_help.html#PREFERENCES_MAILNEWS_ADDRESSING">Mail & Newsgroups Preferences - Addressing</a> or <a href="mail_help.html#addressing_settings">Mail & Newgroups Account Settings - Addressing</a>, which can be configured to look up recipients&apos; email addresses in a directory. 
+
+<p>When you are using any account that is configured to look up addresses in a directory, the same directory will be searched for matching certificates when you attempt to send an encrypted message to one or more recipients for whom you don't have certificates on file. 
+
+<p>The directory will also be searched for missing certificates when you open the drop-down menu below the Security icon in the Compose window and choose View Security Info.
+
 
 
 <p>&nbsp;</p>
@@ -272,7 +281,7 @@ How Encryption Works</h3>
 <hr>
 
 
-<p><i>5 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>

extensions/help/resources/locale/en-US/profiles_help.html

@@ -14,7 +14,7 @@
 <a NAME="profiles:managingIDX"></a>
 <hr><h1>Managing Profiles</h1>
 
-<p>If you use the Internet at home and at work, you may want to have access to a different set of bookmarks, preferences, address books, email accounts, My Sidebar setup, and so on. Similarly, family members may want to share share a copy of the same browser software but keep their Internet identities separate. 
+<p>If you use the Internet at home and at work, you may want to have access to a different set of bookmarks, preferences, address books, email accounts, My Sidebar setup, and so on. Similarly, family members may want to share a copy of the same browser software but keep their Internet identities separate. 
 
 <p>The Profile Manager lets you create different profiles, each with its own bookmarks, preferences, email settings, and so on. You automatically create a default profile when you first install your browser software. After you create one or more additional profiles, you will be asked which you want to use each time you launch the browser.</P>
 
@@ -83,7 +83,7 @@
 
 <hr>
 
-<p><i>6 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 
 <hr>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>

extensions/help/resources/locale/en-US/profiles_help.xhtml

@@ -14,7 +14,7 @@
 <a NAME="profiles:managingIDX"></a>
 <hr><h1>Managing Profiles</h1>
 
-<p>If you use the Internet at home and at work, you may want to have access to a different set of bookmarks, preferences, address books, email accounts, My Sidebar setup, and so on. Similarly, family members may want to share share a copy of the same browser software but keep their Internet identities separate. 
+<p>If you use the Internet at home and at work, you may want to have access to a different set of bookmarks, preferences, address books, email accounts, My Sidebar setup, and so on. Similarly, family members may want to share a copy of the same browser software but keep their Internet identities separate. 
 
 <p>The Profile Manager lets you create different profiles, each with its own bookmarks, preferences, email settings, and so on. You automatically create a default profile when you first install your browser software. After you create one or more additional profiles, you will be asked which you want to use each time you launch the browser.</P>
 
@@ -83,7 +83,7 @@
 
 <hr>
 
-<p><i>6 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 
 <hr>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>

extensions/help/resources/locale/en-US/using_certs_help.html

@@ -450,13 +450,14 @@
  
 
 <p>&nbsp;</p>
+<a NAME="CRLs:Next_Update_dateIDX"></a>
 <a name ="next_update"></a><h3>About the "Next Update" Date</h3>
 
 <p>The browser uses the CRLs it has available to check the validity of certificates issued by the corresponding CAs. If a certificate is listed as revoked, the browser won't accept it as evidence of identity.
 
 <p>A CA typically publishes an updated CRL at regular intervals. Every CRL includes a date, specified in the Next Update field, by which the CA will publish the next update of that CRL. In general, if the date in the Next Update field is earlier than the current date, you should obtain the most recent version of the CRL. To view CRL information and set up automatic CRL updating, see <a href="#view_manage_CRLs">Viewing and Managing CRLs</a>.
 
-<p>Although the absence of the most recent CRL does not by itself invalidate a certificate, the browser may not handle such certificates correctly. In some situations, you may want to delete CRLs with Next Update dates earlier than the present. Speak to your system administrator for guidance on CRL management. 
+<p>CAs are required to produce a new CRL by the Next Update date. However, the absence of the most recent CRL does not by itself invalidate a certificate. For this reason, if the most recent CRL is not available, a certificate may be validated even though the most recent CRL shows it as expired. Automatic CRL updating can help to avoid this situation.
 
 
 
@@ -530,7 +531,7 @@
 
 
 <hr>
-<p><i>6 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>

extensions/help/resources/locale/en-US/using_certs_help.xhtml

@@ -450,13 +450,14 @@
  
 
 <p>&nbsp;</p>
+<a NAME="CRLs:Next_Update_dateIDX"></a>
 <a name ="next_update"></a><h3>About the "Next Update" Date</h3>
 
 <p>The browser uses the CRLs it has available to check the validity of certificates issued by the corresponding CAs. If a certificate is listed as revoked, the browser won't accept it as evidence of identity.
 
 <p>A CA typically publishes an updated CRL at regular intervals. Every CRL includes a date, specified in the Next Update field, by which the CA will publish the next update of that CRL. In general, if the date in the Next Update field is earlier than the current date, you should obtain the most recent version of the CRL. To view CRL information and set up automatic CRL updating, see <a href="#view_manage_CRLs">Viewing and Managing CRLs</a>.
 
-<p>Although the absence of the most recent CRL does not by itself invalidate a certificate, the browser may not handle such certificates correctly. In some situations, you may want to delete CRLs with Next Update dates earlier than the present. Speak to your system administrator for guidance on CRL management. 
+<p>CAs are required to produce a new CRL by the Next Update date. However, the absence of the most recent CRL does not by itself invalidate a certificate. For this reason, if the most recent CRL is not available, a certificate may be validated even though the most recent CRL shows it as expired. Automatic CRL updating can help to avoid this situation.
 
 
 
@@ -530,7 +531,7 @@
 
 
 <hr>
-<p><i>6 June 2002</i></p>
+<p><i>9 June 2002</i></p>
 <p>Copyright &copy; 1994-2002 Netscape Communications Corporation.</p>
 
 </body>