> Similarly, if we were to accept trust in Qihoo, then we would be ignoring the > precedent Qihoo has set of choosing insecure and anti-user behaviours masked > as "security".
I dare say your cert store will end up as a pretty lonely place if you start investigating CAs –outside the realm of CA per se– and their parent companies for questionable security and shady business. –Stefan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy