* [email protected] <[email protected]> [2015-04-01 19:57]:
> Therefore, I believe we should move forward with filling in the
> details for the plan that Richard described.
>
> I will greatly appreciate your continued thoughtful and constructive
> feedback on this.
Hello,
the plan would be to continue allowing current certificats (perhaps
with some sort of whitelist) while not accepting new certificates.
Could you ask Google to share their whitelist?
As far as I understand it, without an explicit whitelist nothing would
prevent CNNIC to backdate new certificates so that they would be
accepted. Is this right or am I missing something?
If I'm right then I would propose only doing this with an explicit
whitelist. Anything else would depend on CNNIC to adhere to procedures
which they have violated in the past.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
