On 15/10/16 00:32, Peter Gutmann wrote: > I would have expected some sort of coordinating action to provide a unified > response to the issue and corresponding unified, consistent behaviour among > the browsers, rather than the current lottery as to what a particular browser > (other than Apple and Mozilla's ones) will do when it encounters a WoSign > cert.
Browsers are capable of coordinating independent of the CAB Forum. However, some browsers are concerned about doing so (for legal reasons, I believe) and so the level of coordination is limited. But actually, I think this is a feature. Root stores are a decision about who to trust. It is entirely reasonable for different people to have different views on a person or organization's trustworthiness. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy