Either way, it's enough of a problem that a bug needs to be opened, and it needs to be followed upon sooner than later.
(My opinion, of course. Comodo's gotta be breathing a sigh of relief that I don't work for the Mozilla Foundation, else I would have yanked the trust bits first and figured it out later.) This incident shows anew the lack of policy/procedure of what to do in the case of a gross breach of the root agreement, though. The entire point of certificates in the first place is "user security", not "user convenience". (If this weren't the case, none of us would have any desire to get certificates in the first place.) Your reaction seems to be based on placing "user convenience" over "user security", and (again, my opinion) I don't believe that this is appropriate at all. -Kyle H On Tue, Dec 23, 2008 at 5:05 AM, Frank Hecker <hec...@mozillafoundation.org> wrote: > Eddy Nigg wrote: >> >> For those interested, Frank opened a bug to investigate this incident: >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=470897 > > Actually Nelson opened this bug. > > Frank > > -- > Frank Hecker > hec...@mozillafoundation.org > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
