Peter Bowen <[email protected]> writes:

>There are a couple of rules that may create false positives, so please don't
>assume every certificate on the sheet is problematic.

That's still pretty scary, nearly 50,000 names from a who's-who of commercial
CAs.  Yet more evidence that, like the output from the EFF SSL Observatory, we
need independent assessment of browser PKI rather than self-certification ("we
define ourselves to be in full compliance with everything we need to be
compliant with, as far as we can tell").

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
