We’ve now published the more detailed statement I wrote about the Comodo certificate misissuance incident.
On the back of this, we want to have a wide-ranging discussion about both immediate changes we can make, and also what the web security landscape should look like in 3-5 years. Please join in in mozilla.dev.security.policy.