- From: <chaals@yandex-team.ru>
- Date: Tue, 20 Jan 2015 16:30:57 +0300
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Paul Libbrecht <paul@hoplahup.net>, Henry S. Thompson <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>, Henri Sivonen <hsivonen@hsivonen.fi>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
20.01.2015, 15:49, "Anne van Kesteren" <annevk@annevk.nl>: > On Tue, Jan 20, 2015 at 1:28 PM, š<chaals@yandex-team.ru> wrote: >> š19.01.2015, 15:01, "Anne van Kesteren" <annevk@annevk.nl>: >>> šAnything but proper CA certificates is a major attack vector >> šThis is misleading. "proper CA certificates" is a very ill-defined term. > > It seems you missed the earlier email where I established that > non-user installed CAs are vetted. And that as far as Gecko goes (and > I believe Chromium uses a derivative) there's a public vetting process > for CAs: https://wiki.mozilla.org/CA That process is quite well > defined and has seen over a decade of practice. No, but I missed the connection between that mail and this statement, which led to the same effect. cheers -- Charles McCathie Nevile - web standards - CTO Office, Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Tuesday, 20 January 2015 13:31:38 UTC