On 15/10/16 00:32, Peter Gutmann wrote:
> I would have expected some sort of coordinating action to provide a unified
> response to the issue and corresponding unified, consistent behaviour among
> the browsers, rather than the current lottery as to what a particular browser
> (other than Apple and Mozilla's ones) will do when it encounters a WoSign
> cert.

Browsers are capable of coordinating independent of the CAB Forum.
However, some browsers are concerned about doing so (for legal reasons,
I believe) and so the level of coordination is limited.

But actually, I think this is a feature. Root stores are a decision
about who to trust. It is entirely reasonable for different people to
have different views on a person or organization's trustworthiness.


dev-security-policy mailing list

Reply via email to