|
|
|
|
|
|
by glasz
3553 days ago
|
|
|
nobody has been ruined just yet. and when i look at how sheepishly slow mozilla reacts my guess is nobody will ever really get thrown out of that club. what they've done is clear. it's been misconduct as a ca. untrust them. done. fuck you. |
|
|
There are plenty of innocent sites who use WoSign/Startcom certificates.
It's easy to be flippant when you're not actually responsible for a browser which users use, and need to worry about adverse side-effects. You kill WoSign overnight and you now have millions of users habituated to ignoring TLS errors, and now know how to override internal browser security settings.
Hope it was worth it.