On Wednesday, August 17, 2016 at 3:56:55 AM UTC-7, Nick Lamb wrote: > Mozilla's users are threatened by attacks on the Web PKI even if those > attacks don't work on Firefox itself. Most of its users rely on an OS made by > the other trust store operators, and in which almost all TLS-capable > components use that store, not NSS for trust decisions. So it is an error to > think these users are only "at risk" if Mozilla doesn't act to protect them, > the risk persists unless all the major trust stores act.
I would disagree with this claim, and I tried to show the logical flaws with it in my previous post. In any event, if we do want to discuss this point more - whether or not it's appropriate in a theoretical sense to coordinate with other stores (setting aside any legal, political, or administrative concerns) - we should likely migrate to a new thread. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
