On 14/04/15 00:15, Peter Kurrasch wrote: > Let's use an example. Suppose CNNIC issues a cert for > whitehouse[dot]gov
....presumably without permission ;-)... > and let's further suppose that CNNIC includes this > cert in the CT data since they have agreed to do that. What happens > next? If no-one is watching, nothing. But it seems to me to be extremely unlikely that no-one will be watching, both from the "whitehouse.gov looking for misissuances" direction, and from the "I want to keep an eye on CNNIC" direction. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy