On Sat, Oct 29, 2016 at 2:29 PM, Percy <percyal...@gmail.com> wrote:
> So 400 million Chinese users[1] are left vulnerable to MITM by even a casual
> attacker and we cannot do anything about it!?

As stated previously, it is not for one browser to tell another how to behave and the CA/Browser Forum explicitly cannot set requirements on members for a number of reasons, including anti-trust concerns.

While probably not equivalent, this is not all that different from software licensing discussions. Each author of software can set licensing terms as permitted by law; these terms might mean the software qualifies as Free/Libre/Open Source Software (FLOSS) or they may have requirements that meet other needs. As I’m sure you are aware, there are viewpoints that say that the only ethical stance is only FLOSS and there are viewpoints that FLOSS is almost always wrong. It is not for Mozilla to say that all browsers must be FLOSS (nor for the CAB Forum to say such), even if one could argue that the only option for a secure browser is for it to be FLOSS.

Thanks,
Peter

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy