On 26/08/16 04:33, Richard Wang wrote: > As I admitted that this discussion gives us a big lesson that we know > when we need to report incident to all browsers. We guarantee we will > do it better.
Richard, You have been involved in this (Mozilla) discussion group and in the CAB Forum for several years. In that time, you will have seen multiple CAs disclose instances where certificates were misissued, and you will have seen root programs take such disclosures seriously and consider them important. Did it not occur to you that the same standard of disclosure that everyone else was using should also apply to WoSign? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy