On 30 June 2015 at 13:36, Richard Barnes <[email protected]> wrote: > Obviously, we can't change the letter now, but if you have any thoughts or > concerns about this interaction, please feel free to reply in this thread.
I guess I feel like there was a lot more things that could be put under #4. - I understand Mozilla is still evaluating CT, but it seems odd not to mention it. - The deployment of HSTS/HPKP - Deployment of OCSP Stapling to enable a move to hard-fail... so revocation actually works - Investment in "Core Infrastructure" and testing methodologies to enable more secure software so on and so forth... -tom _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
