On 12/04/2018 21:20, James Burton wrote:
  Both mine and Ian's demonstrations never harmed or deceived anyone as they
were proof of concept. The EV certs were properly validated to the
EV guidelines. Both companies are legitimate. So what's the issue? None.



In the security space, blocking a proof of concept exploit is usually
considered the right thing to do.  But doing so in a way that is
entirely limited to the concrete example rather than the underlying
problem is considered cheating.

Consider, as an analogy, a hypothetical freedom of speech law whose only
exception was that you must not shout "fire" in a packed theater.  Then
an actor standing on stage making a speech about the silliness of that law
and then shouting "fire", with full warning of the audience to avoid
panic, should not be surprised to get charged with the specific offense,
as it was a deliberate test of the law.  Of course, such an actor might
deserve some leniency in the punishment, such as a $1 fine, but he
should not be surprised the law is formally upheld.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
