On Wed, Mar 25, 2015 at 6:24 PM, Peter Kurrasch <fhw...@gmail.com> wrote: > Someone correct me if I'm wrong, but my understanding of the Superfish > debacle is that sites that have EV certs would get the green bar treatment on > other devices but not on the Lenovo devices where Superfish was installed. > The implication, then, is that the green bar provides no improvement in > security since apparently nobody noticed it wasn't there. > > That being the case, if there is little security benefit to having the green > bar to begin with then taking it away seems...feckless? > > Besides, while CNNIC clearly made mistakes they aren't the ones who generated > a google.com cert. Seems to me some responsibility should be borne by the > folks at MCS Holdings, too.
The MCS holding certificate was already revoked. What more do you want from them? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy