On 10/04/14 10:08, Peter Eckersley wrote:
> Kaspar, suppose that Mozilla followed your suggestion and removed
> StartCom's root certificates from its trust store (or revoked them!). What
> would the consequences of that decision be, for the large number of domains
> that rely on StartCom certs?

I hope that an appropriate policy will force authorities to reconsider their revocation principle. I don't want to harm anyone, nor do I want to work off in any way.

The key is that anybody should be able to shout out "don't trust me anymore!" without a fee. Isn't that part of the trust chain idea? I read a few times that Chrome doesn't even check if a certificate is revoked or not (at least not with the default settings). That leads me to the question: Is it mandatory for a CA in Mozilla's trust store to have the ability to revoke a certificate, or is it only an optional feature provided by some CAs?

Kaspar

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

