Kyle Hamilton wrote:
Your reaction seems to be based on placing "user convenience" over "user security", and (again, my opinion) I don't believe that this is appropriate at all.
My intent is to balance the disruption that would be caused by pulling a root vs. the actual security threat to users. Right now we have no real idea as to the extent of the problem (e.g., how many certs might have been issued without proper validation, how many of those were issued to malicious actors, etc.).
Frank -- Frank Hecker [email protected] _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
