Perhaps not. However, Qihoo 360's behavior calls the trustworthiness of the entire company into question. And such trust, in my view, should be evaluated when WoSign/StartCom submit their re-inclusion requests in the future.
Percy Alpha (PGP <https://pgp.mit.edu/pks/lookup?op=vindex&search=0xF30D100F7FE124AE>)

On Sat, Oct 29, 2016 at 2:38 PM, Peter Bowen <pzbo...@gmail.com> wrote:

> On Sat, Oct 29, 2016 at 2:29 PM, Percy <percyal...@gmail.com> wrote:
> > So 400 million Chinese users[1] are left vulnerable to MITM by even a
> > casual attacker and we cannot do anything about it!?
>
> As stated previously, it is not for one browser to tell another how to
> behave and the CA/Browser Forum explicitly cannot set requirements on
> members for a number of reasons, including anti-trust concerns.
>
> While probably not equivalent, this is not all that different from
> software licensing discussions. Each author of software can set
> licensing terms as permitted by law; these terms might mean the
> software qualifies as Free/Libre/Open Source Software (FLOSS) or they
> may have requirements that meet other needs. As I’m sure you are
> aware, there are viewpoints that say that the only ethical stance is
> only FLOSS and there are viewpoints that FLOSS is almost always wrong.
> It is not for Mozilla to say that all browsers must be FLOSS (nor for
> the CAB Forum to say such), even if one could argue that the only
> option for a secure browser is for it to be FLOSS.
>
> Thanks,
> Peter