Re: Draft finding - "Transitioning the Web to HTTPS"

On Tue, Jan 20, 2015 at 1:28 PM,  <> wrote:
> 19.01.2015, 15:01, "Anne van Kesteren" <>:
>> Anything but proper CA certificates is a major attack vector
> This is misleading. "proper CA certificates" is a very ill-defined term.

It seems you missed the earlier email where I established that
non-user installed CAs are vetted. And that as far as Gecko goes (and
I believe Chromium uses a derivative) there's a public vetting process
for CAs: That process is quite well
defined and has seen over a decade of practice.


Received on Tuesday, 20 January 2015 12:49:28 UTC