Is there anybody thought about why it happens in China? Why the local browser did not block the self-issued certificates?
Thanks, Xiaosheng Tan 在 2016/10/30 下午1:17,“Percy”<[email protected]> 写入: On Saturday, October 29, 2016 at 5:54:10 PM UTC-7, Matt Palmer wrote: > On Sat, Oct 29, 2016 at 02:59:07PM -0700, Percy wrote: > > Perhaps not. However, Qihoo 360's behavior calls the trustworthiness of the > > entire company into question. And such trust, in my view, should be > > evaluated when WoSign/StartCom submit their re-inclusion requests in the > > future. > > You can make that argument when WoSign/StartCom's reinclusion discussions > take place on this list. Now is not the appropriate time for that. > > - Matt WoSign/StartCom's re-inclusion request might be a year from now. In the meanwhile, those 400 million users will be exposed to MITM. That's why I'm bringing it up now, rather than one year later. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
