Ryan, I agree completely that we shouldn't imply fundamental guilt by association. However, WoSign threatened legal actions against Itzhak Daniel's disclosure compiled purely from public sources. I just want to make sure the disclosure was not buried after the content was taken down.
Richard, the CEO of WoSign, stated "From the screenshot, we know why Percy hate WoSign so deeply, we know he represent which CA, everything is clear now." The screenshot refers to https://groups.google.com/d/msg/mozilla.dev.security.policy/k9PBmyLCi8I/5Lelu0oyDQAJ and the screenshot proves WoSign is actively misleading the public. He further seems to think I'm working for Let's Encrypt and consequently want to undermine WoSign. It is he that needs to answer the questions and concerned raised rather than discrediting the questioners or threatening legal actions. For the record, I'm not and have not worked for Let's Encrypt or any CA. Percy Alpha(PGP <https://pgp.mit.edu/pks/lookup?op=vindex&search=0xF30D100F7FE124AE>) On Sat, Sep 3, 2016 at 12:51 PM, Ryan Sleevi <r...@sleevi.com> wrote: > Percy, > > As I suggested in the other thread, this does not seem a productive or > fruitful line of inquiry, nor does it seem relevant to the issue at hand, > nor does it seem to be done respectfully. > > That is, the extent of the country of origin of a CA is not itself a > fundamental issue of trust, nor should translation errors be. I agree that > there's a line where elements such as actively misleading the public become > a matter of public concern, but let's try not to suggest there is something > wrong with being from a particular country, nor that it represents proof of > wrongdoing. > > I believe we are on the cusp of crossing a line here, and would love if we > could focus on the technical and factual issues, without attempting to > imply fundamental guilt by association or pseudo-phrenological analysis of > speech patterns to show some form of wrongdoing. > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy