在 2016年10月30日星期日 UTC+8下午2:37:12,谭晓生写道: > Is there anybody thought about why it happens in China? Why the local browser > did not block the self-issued certificates? > > Thanks, > Xiaosheng Tan > > > > 在 2016/10/30 下午1:17,“Percy”<[email protected]> 写入: > > On Saturday, October 29, 2016 at 5:54:10 PM UTC-7, Matt Palmer wrote: > > On Sat, Oct 29, 2016 at 02:59:07PM -0700, Percy wrote: > > > Perhaps not. However, Qihoo 360's behavior calls the trustworthiness > of the > > > entire company into question. And such trust, in my view, should be > > > evaluated when WoSign/StartCom submit their re-inclusion requests in > the > > > future. > > > > You can make that argument when WoSign/StartCom's reinclusion > discussions > > take place on this list. Now is not the appropriate time for that. > > > > - Matt > > WoSign/StartCom's re-inclusion request might be a year from now. In the > meanwhile, those 400 million users will be exposed to MITM. That's why I'm > bringing it up now, rather than one year later. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
I am listening. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
