Peter Bowen <[email protected]> writes: >In addition to the direct impact, I note that WoSign is the subject of cross- >signatures from a number of other CAs that chain back to roots in the Mozilla >program (or were in the program).
This is incredible, it's like a hydra. Do the BRs say anything about this type of cross-certification, or is it just "find as many other CAs as you can to cross-certify you so you can't be killed". Why would a public CA even need cross-certification from other CAs? Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
