TarquinWJ Opera
Hi all,
A comment from Opera's perspective;
Like Chrome, Opera uses the rootstores provided by the platform, as well as Mozilla's NSS rootstore on platforms which do not provide their own. We therefore place a lot of trust in these rootstores, and the CAs that are included in them. We are very grateful to both Google and Mozilla for keeping as much of this discussion in public as possible, when deciding how best to deal with the current situation.
Where possible, we would like the resolutions to mitigate the specific incidents that have been identified - the intent is to solve a problem. Making arbitrary changes which do not prevent recurrences of the incidents serves little purpose, and should be avoided (they may also be included if they offer some positive benefit, but that should not affect the need for actual resolutions). Sanctions may have their place, but specific mitigations are best as long as there are good intentions from the parties involved.
Typically, we use the same approach as Chromium when deciding which certificates to blacklist, and we are likely to use whichever approach Chrome uses when dealing with the Symantec root certificates. Internally, our opinion is that Google's second proposal is the one that should be implemented, but failing that, we like Mozilla's fallback proposal outlined here:
https://docs.google.com/document/d/1RhDcwbMeqgE2Cb5e6xaPq-lUPmatQZwx3Sn2NPz9jF8/edit
