On Saturday, October 29, 2016 at 5:54:10 PM UTC-7, Matt Palmer wrote: > On Sat, Oct 29, 2016 at 02:59:07PM -0700, Percy wrote: > > Perhaps not. However, Qihoo 360's behavior calls the trustworthiness of the > > entire company into question. And such trust, in my view, should be > > evaluated when WoSign/StartCom submit their re-inclusion requests in the > > future. > > You can make that argument when WoSign/StartCom's reinclusion discussions > take place on this list. Now is not the appropriate time for that. > > - Matt
WoSign/StartCom's re-inclusion request might be a year from now. In the meanwhile, those 400 million users will be exposed to MITM. That's why I'm bringing it up now, rather than one year later. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
