Ryan, It's great Chrome will distrust WoSign and StartCom. Google's blog post stated that "Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance.". Could you elaborate what whitelist method will Google adopt?
Furthermore, even though Google is completely blocked in China, news about Google are mostly not censored. Is it possible for Google to have a Chinese translation as well, especially regarding WoSign? Such translation can accelerate the early removal process. Percy Alpha(PGP <https://pgp.mit.edu/pks/lookup?op=vindex&search=0xF30D100F7FE124AE>) On Mon, Oct 31, 2016 at 4:18 PM, Ryan Sleevi <[email protected]> wrote: > On Monday, October 24, 2016 at 6:09:50 PM UTC-7, Kathleen Wilson wrote: > > The security blog about Distrusting New WoSign and StartCom Certificates > has been published: > > > > https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and- > startcom-certificates/ > > > > Chinese translations of it will be posted soon. > > > > Thanks, > > Kathleen > > Google has now posted its response, in light of the findings and > discussion helpfully driven by Mozilla, at https://security.googleblog. > com/2016/10/distrusting-wosign-and-startcom.html > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
