> Take a few deep breaths. Just breathe. There. Good. If that's what helps you sleep at night. It remains a fact that browser vendors chose to hand the keys to the castle to an organization known at the time to be one of the largest distributors of malware in the world. I'm not talking broadly about the Chinese government but specifically about the CNNIC. Hard to see how this is a surprise...
The discovered certificate is the tip of the iceberg. If they weren't following a dozen rules here, do you think they were elsewhere?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
