Yes, I am so sorry for this, it is my fault that I guarantee never happen in 
the future.
If something don't happen to you, you can't get impressed lesson. I know some 
CA mis-issuance case that reported to Mozilla and CABF.

Regards,

Richard

> On 29 Aug 2016, at 16:35, Gervase Markham <g...@mozilla.org> wrote:
> 
>> On 26/08/16 04:33, Richard Wang wrote:
>> As I admitted that this discussion gives us a big lesson that we know
>> when we need to report incident to all browsers. We guarantee we will
>> do it better.
> 
> Richard,
> 
> You have been involved in this (Mozilla) discussion group and in the CAB
> Forum for several years. In that time, you will have seen multiple CAs
> disclose instances where certificates were misissued, and you will have
> seen root programs take such disclosures seriously and consider them
> important. Did it not occur to you that the same standard of disclosure
> that everyone else was using should also apply to WoSign?
> 
> Gerv
> 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to