Matt Palmer <[email protected]> writes: >For example, every time someone says "why not just provide an SPKI dump?", I >explain why that won't work without additional engineering to ensure currency >of the dataset, and then... crickets.
It doesn't have to be perfect, it just has to be good enough, and in particular better than what we have now which is nothing at all. Thus my earlier comment that even a top-ten would be a good start, particularly if that covers 90% of uses cases from widely-used software, i.e. prompts users to use something other than the hardcoded out-of-the-box key in the app. Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ME0P300MB07131FF8D8C4947EBCC231E3EE4D2%40ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM.
