On 12/12/13 01:08, [email protected] wrote:
That's the great part about this, Rob, you don't actually have to revoke anything.
Peter, thanks for sharing your interpretation. What concerns me is that the same interpretation is not shared by everyone.
I don't really care whether or not these certs need to be revoked by the end of 2013. What I am concerned about is the possibility that CAs might be reprimanded because they failed to follow an unwritten rule!
The certs will just stop working at some point. I'm being somewhat facetious but that's really the bottom line. Perhaps we should not use the word revocation here because in a strict technical sense that's not what will happen and nor is revocation really necessary. > Sorry, I should have mentioned that I'm thinking primarily about > long-lived certificates that were issued before the BRs became > effective. BRs Section 1 says: > "Except where explicitly stated otherwise, these requirements apply > only to relevant events that occur on or after the Effective Date." > > Where is it written that <2048-bit certs that predate the BRs need to be > revoked by end of 2013?
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
