Frank Hecker wrote:
I know everyone has been been distracted by the punycode controversy (my condensed opinion: yes, registrars *should* do something about it, yes, CAs *could* do something about it, but regardless of what they do we *have to* do something about it),
As long as all are agreed on the last part, the former two parts (registrars, CAs) is a matter for debate outside Mozilla's strict and immediate interests.
I'm curious on one point - I couldn't find a bug filed under shmoo, and there isn't any notice on the /security/ page. m.security groups is likewise silent. Only Gervase to my knowledge has indicated he's working on a proposal (and I'm not even sure if he is a developer...).
Well, I'm curious if the security forum is active on this? Or is this an artifact of the secrecy thing you mentioned last week?
iang
-- News and views on what matters in finance+crypto: http://financialcryptography.com/
_______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
