On Tue, Oct 18, 2016 at 12:22:21AM +0200, Jakob Bohm wrote: > > Over the past few years, this has caused the Mozilla root list to > become less and less useful for the rest of the open source world, a > fact which at least some of the Mozilla-root-list-copying open source > projects seem not to be aware of yet.
I think the problems for the open source community are: 1) There is no good way to deal with revocation checking, it doesn't have anything that deals with something like OneCRL 2) Mozilla doesn't care about non-https. The solution that seems to be prefered for 1) is to have mandatory OCSP stapling. But I don't see that happening any time soon. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy