Matt Palmer <mpal...@hezmatt.org> writes: >On Mon, May 16, 2016 at 02:22:08PM +0200, Richard Z wrote: >> knowingly issuing/tolerating certificates for sites known to inject >> malware is >> * contrary to user expectaions > >[Citation needed]
So you're saying users expect CAs to certify malware sites? (There have been plenty of user studies showing that users expect the padlock to protect them from malware, hackers, and all sorts of other stuff. Please produce a study showing that users expect CAs to certify malware sites and virus authors). Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy