On Tue, Oct 18, 2016 at 12:39:42AM +0200, Kurt Roeckx wrote: > On Tue, Oct 18, 2016 at 12:22:21AM +0200, Jakob Bohm wrote: > > > > Over the past few years, this has caused the Mozilla root list to > > become less and less useful for the rest of the open source world, a > > fact which at least some of the Mozilla-root-list-copying open source > > projects seem not to be aware of yet. > > I think the problems for the open source community are: > 1) There is no good way to deal with revocation checking, it > doesn't have anything that deals with something like OneCRL > 2) Mozilla doesn't care about non-https.
I wanted to add that none of this is relevant to what Ryan was saying. Maybe the root list itself is becomming less useful, but that doesn't mean the discussion list is. Also, the problems for the open source community aren't new it's just that some of Mozilla's solutions either don't work for them, they don't know about them, or they don't use it. (It's probably a combination.) Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
