On Sat, Jan 5, 2013 at 8:05 AM, Ralph Holz <h...@net.in.tum.de> wrote: > Hi, > >> ... > > What I have also seen was post-hoc debate about the inclusion of the > Chinese CA CNNIC (CN-NIC), which IMO highlighted a shortcoming of the > process: If participants do not have much time, the one-week discussion > period may pass without many comments and a CA thus be included. In the > case of CNNIC, many objections were raised afterwards as this CA had > been allegedly associated with malware in the past; there was also > concern the Chinese government might use it to issue the kind of MITM > certificates we're worried about. No proof of any such activity could be > given, and Mozilla decided that the fair approach was to keep them in. I mark those certificates as untrusted. I was born at night, but not last night.
Jeff _______________________________________________ cryptography mailing list firstname.lastname@example.org http://lists.randombit.net/mailman/listinfo/cryptography