On 3/27/2015 1:29 AM, Charles Reiss wrote: > Although it's rather irrelevant to whether CNNIC has complied with Mozilla's > policies: This device designed to issue certs without verifying domain > control. > Does CNNIC not regard this as strong evidence that MCS's agreement was made in > bad faith? Yeah, if this device is designed to issue certificates automatically. Why does it have this feature? The answer is obviously for traffic monitoring. But then why Paloalto would develop such problematic feature which violate security principle? If it is a common feature in Paloalto firewall (or even other brands of firewalls), I'd believe that many organizations are doing the same thing. Should firewall vendors or developers take some responsibilities too?
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy