WoSign will roll out a globally trusted intermediate cert to sign new certs with the existing WoSign system that had so many control failures.
Does Mozilla and this community accept such a work-around for WoSign? If we do, then what's the point of distrust those WoSign root certs? If not, then what's an appropriate response for WoSign's announcement? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
