I can't believe I just found "CNNIC ROOT" in my firefox 40 CA trusted list. Mozilla, are you kidding your users or what? It's simply unacceptable to ignore user complaints and ignore serious certificate authority misconduct.
The whitelist approach adopted by google seems like a reasonable solution. But just ignoring the problem is a complete carelessness for the users. You are one of few organizations that should lead the way. This is not what you're doing right now. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
