"anyone issuing certificates for .cn, .hk or .mo domain *MUST* submit those certificate to the CT server set (with similar constraints as you require for WoSign/StartCom) "
This means you're rather ill-informed about the Chinese Internet. Most Chinese sites still use .com domains. But this is not what users are worried about as .cn domains are already under Chinese jurisdiction. They're more worried about attack against .com domains such as MITM against Github Outlook, Yahoo,Google and iCloud. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy