On Thursday, January 12, 2017 at 7:38:47 PM UTC-5, Itzhak Daniel wrote:
> Why not posting _ALL_ certificates issues via that method to CT log?

We had to nag and whine for a year to get IXSystems and FreeNAS folks to finally, begrudgingly use TLS (for Download of ISOs and SHA256 no less!). The 'Volunteers' and staff deleted my posts, accused me of trolling and stated that the CAs' system was something like bunk or a laughing stock.

Though not a committer or security guru, I submit that: If a CA refuses to take advantage of Google's Certificate Transparency Project or otherwise public log per RFC 6962, then Mozilla MUST shun them! I mean who dares disagree? Surely this is a non-partisan issue with Mozilla Devs AND the majority of Firefox Users?

Let's keep on topic of GoDaddy's second insufficiency, though it's not alone on the consensus naughty-list. I assume some relevant browser Devs were shown proof of what happened in detail? Can they complain their spaghetti code is that proprietary, really? It surely is not valuable now as a work product. Just sign NDAs if they won't the bother.

The 'lapses' WILL keep getting more convoluted and ridiculous if Mozilla, Google et al. don't finally draw the line.

PS: FreeNAS is still using GoDaddy, even though they have other valid certificates per: https://www.google.com/transparencyreport/https/ct/ ...somebody has to lead by example and soon!

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy