On Wednesday, January 6, 2016 at 5:08:10 PM UTC-6, Paul Wouters wrote: > As was in the news before, Kazakhstan has issued a national MITM > Certificate Agency. > > Is there a policy on what to do with these? While they are not trusted, > would it be useful to explicitely blacklist these, as to make it > impossible to trust even if the user "wanted to" ? > > The CA's are available here: > http://root.gov.kz/root_cer/rsa.php > http://root.gov.kz/root_cer/gost.php > > One site that uses these CA's is: > https://pki.gov.kz/index.php/en/forum/ > > Paul
Coordinated blacklisting. We shouldn't incentivize this kind of behavior. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
