On Fri, Sep 02, 2016 at 10:27:04AM +0000, Richard Wang wrote: > (2) What I mean is please think about the current users if any action; 10% > from government website, 6 customers is the top 10 eCommerce website in > China;
I'm reminded of a line from an old episode of a rather crass TV show, which happens to be rather on-point: "we know you have a choice in airlines, and it looks like you made the wrong one". > (3) We have quality control; I will send the blocking system screenshot to > you since this mail list can't send. But we think CT is a good solution > for mis-issued problem. I think you've got the wrong impression of CT. The purpose of transparency isn't to help CAs outsource their quality control to the crowd; it's to allow easier identification of misissuance so that a more comprehensive case can be made to revoke a CA's trust status. If you mis-issue a cert and log it to CT, you don't get points for logging it to CT: you get dinged because *you misissued a cert*. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy