Re: Draft finding - "Transitioning the Web to HTTPS"

20.01.2015, 15:49, "Anne van Kesteren" <>:
> On Tue, Jan 20, 2015 at 1:28 PM, <> wrote:
>> 19.01.2015, 15:01, "Anne van Kesteren" <>:
>>> Anything but proper CA certificates is a major attack vector
>> This is misleading. "proper CA certificates" is a very ill-defined term.
> It seems you missed the earlier email where I established that
> non-user installed CAs are vetted. And that as far as Gecko goes (and
> I believe Chromium uses a derivative) there's a public vetting process
> for CAs: That process is quite well
> defined and has seen over a decade of practice.

No, but I missed the connection between that mail and this statement, which led to the same effect.


Charles McCathie Nevile - web standards - CTO Office, Yandex - - - Find more at

Received on Tuesday, 20 January 2015 13:31:38 UTC