> R: Sorry, I don't say it clear, please forgive my bad English since my native language is Chinese.
> As I said this is my fault that we don't understand the Mozilla policy clearly that we don't think we need to report. But now we are clear that all mis-issued certificate case and any reported bug related system change also need to report. I and every related employee all clear now, then we can guarantee we will do it well in the future.
> Why we log all SSL certificate from July 5th is for full transparency to let all related parties can report to us in the first time after the certificate is issued.
Amateur hour. You'd think understanding the rules of the game would be a prerequisite to be a warden of the entire TLS ecosystem, as any unrestricted CA is.
It's not comforting that the entire security of HTTPS globally is now in the hands of someone who is unable to read the CA requirements and doesn't even seem to worry about that fact.
> R: Sorry, I don't say it clear, please forgive my bad English since my native language is Chinese. As I said this is my fault that we don't understand the Mozilla policy clearly that we don't think we need to report. But now we are clear that all mis-issued certificate case and any reported bug related system change also need to report. I and every related employee all clear now, then we can guarantee we will do it well in the future. Why we log all SSL certificate from July 5th is for full transparency to let all related parties can report to us in the first time after the certificate is issued.
Maybe employ someone with enough English knowledge to read and understand https://www.mozilla.org/en-US/about/governance/policies/secu... ?