Peter Gutmann wrote: > Ryan Sleevi <[email protected]> writes: > >> What is the goal of the root program? Should there be a higher bar for >> removing CAs than adding them? Does trust increase or decrease over time? > > Another thing I'd like to bring up is the absolute silence of the CAB forum > over all this. Apple have quietly unilaterally distrusted, Mozilla have > debated at length (three months now) and are taking action, but the regulatory > body that should be taking charge, the CAB forum, has (apparently) taken > absolutely no action. > > Does anyone know the position among other browser vendors, Chrome, IE, Opera, > Konqueror, Chromium, Midori, the dozen or more forks of various bigger > browsers, the dozens(?) of mobile browsers, and so on.
Most Linux distributions ship a package like "ca-certificates-mozilla" which simply copies the Mozilla trusted CA cert set and converts it into several trust store formats. So the impact is much broader besides web browsers even affecting e.g. MTA-MTA SMTP communication. (Yes, I fully understand that Mozilla refuses to take responsibility for that.) Ciao, Michael. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
