On 2 April 2015 at 03:49, <c.le...@gmail.com> wrote: > It would be a golden opportunity for Chinese gov to push for a "home-grown > browser that is not under the control of western imperialism governments" for > sure.
You mean 360 Browser? Hard to get good statistics it seems, but there are reports of it being pretty darn popular: http://www.chinainternetwatch.com/8757/top-web-browsers-china/ (It also does not validate certificates: https://cabforum.org/pipermail/public/2015-April/005441.html , although that is a discussion for another list) I guess I missed the cutoff for the decision, but I am supportive of removing CNNIC entirely and whitelisting existing certificiates issued. As others have said, I am nervous the plans of simply enforcing a cutoff date and asking the community to detect misissuance will not be a sufficient detection mechanism for misissuance. Unless I'm mistaken, despite all the efforts in detecting misissuance (Perspectives, Decentralized Observatory, HPKP reporting, etc) - all recent misissued certificates were found via Chrome's PKP in Chrome. The "community" does not have a good track record on this. -tom _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy