Kyle Hamilton wrote:
Your reaction seems to be based on placing "user convenience" over "user security", and (again, my opinion) I don't believe that this is appropriate at all.
My intent is to balance the disruption that would be caused by pulling a root vs. the actual security threat to users. Right now we have no real idea as to the extent of the problem (e.g., how many certs might have been issued without proper validation, how many of those were issued to malicious actors, etc.).
Frank -- Frank Hecker hec...@mozillafoundation.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
