On Sat, Jan 5, 2013 at 8:05 AM, Ralph Holz <h...@net.in.tum.de> wrote:
> Hi,
>> ...
> What I have also seen was post-hoc debate about the inclusion of the
> Chinese CA CNNIC (CN-NIC), which IMO highlighted a shortcoming of the
> process: If participants do not have much time, the one-week discussion
> period may pass without many comments and a CA thus be included. In the
> case of CNNIC, many objections were raised afterwards as this CA had
> been allegedly associated with malware in the past; there was also
> concern the Chinese government might use it to issue the kind of MITM
> certificates we're worried about. No proof of any such activity could be
> given, and Mozilla decided that the fair approach was to keep them in.
I mark those certificates as untrusted. I was born at night, but not last night.

cryptography mailing list

Reply via email to