兩個禮拜前 CA/Browser Forum 的會議記錄,討論了網域認證以及 CNNIC 的事情:「Minutes of CA-Browser Forum Meeting – 2 April 2015」。
由於 US-CERT 的關切,看起來「認證」這件事情 CA/Browser Forum 暫時不會有改善了:
The consensus was that US-CERT was incorrect in saying the email method of domain confirmation presents a vulnerability, that no changes were required, and that the Forum did not need to make any formal response to the US-CERT advisory.
另外是 CNNIC 的事情,也表達「甘我屁事」:
CNNIC sub-CA issue: The members discussed the recent CNNIC sub-CA issue, and noted that Google had recently published its response. Gerv stated that Mozilla was about to publish its response, which would be similar to the Google response. There was consensus that the Forum did not need to take any action.
很官僚的會議結論...