Yes, I am so sorry for this, it is my fault that I guarantee never happen in 
the future.
If something don't happen to you, you can't get impressed lesson. I know some 
CA mis-issuance case that reported to Mozilla and CABF.



> On 29 Aug 2016, at 16:35, Gervase Markham <> wrote:
>> On 26/08/16 04:33, Richard Wang wrote:
>> As I admitted that this discussion gives us a big lesson that we know
>> when we need to report incident to all browsers. We guarantee we will
>> do it better.
> Richard,
> You have been involved in this (Mozilla) discussion group and in the CAB
> Forum for several years. In that time, you will have seen multiple CAs
> disclose instances where certificates were misissued, and you will have
> seen root programs take such disclosures seriously and consider them
> important. Did it not occur to you that the same standard of disclosure
> that everyone else was using should also apply to WoSign?
> Gerv

Attachment: smime.p7s
Description: S/MIME cryptographic signature

dev-security-policy mailing list

Reply via email to