Hi Richard,

On Thu, Apr 27, 2017 at 6:13 AM, Richard Wang via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> I like to share the experience we suffered from distrust, it is disastrous
> for CA and its customers to replace the certificate that exceed your
> imagination that we are still working for this since October 2016 that
> nearly six months now.

Yes, when an organization demonstrates its willingness to be operated in a
non-trustworthy manner, knowingly and with actively deceptive processes, it
can be very difficult for them to regain trust.

> Due to the quantity of Symantec customers is more than WoSign and most
> companies are bigger than WoSign's customers, I am sure that the
> interoperability and compatibility failures could bring big problem to
> Symantec, to Symantec customers and the Browser users.

Do you believe that, during the discussions about how to respond to
WoSign's issues, the scope of impact was underestimated? If so, can you
share how? That might be a more productive and fruitful contribution, if
people trust the response.
dev-security-policy mailing list

Reply via email to