About the past behavior of WoSign, the incident report
https://www.wosign.com/report/WoSign_Incident_Final_Report_09162016.pdf
from https://wiki.mozilla.org/CA:WoSign_Issues seems missing.
What is the politics of Mozilla about these kind of documents?
- Should the emitter provide it from their website and pledge to keep
that link alive for a long period of time
- Should the emitter provide it and it's Mozilla's job to store it
somewhere permanent
- Should the emitter store it somewhere permanent under Mozilla's
website (as a bug attachment for example)
- Mozilla doesn't care of keeping these documents available
Either way, the this particular case, deciding if WoSign/WoTrus can be
trusted again without having there response about their previous
behavior seems difficult, so I'm sure the document will be online
quickly on the same url as before!
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy