Hubert Kario <hka...@redhat.com> writes:

>then users expect impossible

Users expect CAs to be something other than certificate vending machines. The fact that CAs fail to do this is a problem with browser PKI and CAs, not with users.

(There have been numerous cases of security people reporting CA-certified phishing and malware sites to the CAs that did it. The general response has been "not our problem, they paid their money and we gave them a cert". So even if you tell the CA, they're likely not going to fix it).

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy