Kai Engert <k...@kuix.de> writes:

>Independently of the request for inclusion, this group could discuss if the
>Kazakhstan's CAs should be blacklisted, by adding them to the Mozilla CA list
>using negative distrust flags

That would have some pretty bad consequences. With the MITM CA cert enabled, Borat [0] can read every Kazakh user's email, but no-one else can. With the MITM CA blacklisted, Borat can still read every Kazakh user's email, but so can everyone else on the planet. So the choice is between privacy against everyone but one party, and privacy against no-one.

Peter.

[0] The personification of the Kazakh CA-enabled MITM, following the pattern of Alice, Bob, Mallet, etc.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy