On Tue, Oct 18, 2016 at 12:22:21AM +0200, Jakob Bohm wrote:
> Over the past few years, this has caused the Mozilla root list to
> become less and less useful for the rest of the open source world, a
> fact which at least some of the Mozilla-root-list-copying open source
> projects seem not to be aware of yet.
I think the problems for the open source community are:
1) There is no good way to deal with revocation checking, it
doesn't have anything that deals with something like OneCRL
2) Mozilla doesn't care about non-https.
The solution that seems to be prefered for 1) is to have mandatory
OCSP stapling. But I don't see that happening any time soon.
dev-security-policy mailing list