Yes, I am so sorry for this, it is my fault that I guarantee never happen in the future. If something don't happen to you, you can't get impressed lesson. I know some CA mis-issuance case that reported to Mozilla and CABF.
Regards, Richard > On 29 Aug 2016, at 16:35, Gervase Markham <g...@mozilla.org> wrote: > >> On 26/08/16 04:33, Richard Wang wrote: >> As I admitted that this discussion gives us a big lesson that we know >> when we need to report incident to all browsers. We guarantee we will >> do it better. > > Richard, > > You have been involved in this (Mozilla) discussion group and in the CAB > Forum for several years. In that time, you will have seen multiple CAs > disclose instances where certificates were misissued, and you will have > seen root programs take such disclosures seriously and consider them > important. Did it not occur to you that the same standard of disclosure > that everyone else was using should also apply to WoSign? > > Gerv >
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list email@example.com https://lists.mozilla.org/listinfo/dev-security-policy