While not stating an opinion on the question asked, let me note that having an empty crl could be fine if all their test certificates expire within the hour.
Sent from my iPhone > On Jun 14, 2016, at 21:02, Mat Caughron <[email protected]> wrote: > > > Adding fuel to the fire that Symantec's handling of the BlueCoat > certificate warrants client-side blocking, see Milton Smith's blog post > here: > http://www.securitycurmudgeon.com/2016/06/blue-coat-intermediate-ca-certificate.html > > > > Mat C. > > >> On Tuesday, May 31, 2016 at 6:56:11 AM UTC-7, [email protected] wrote: >> http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/ reports that >> Symantec made Blue Coat (who produce MITM-capable security kit) an >> intermediate CA last year. They claim its only been used for 'internal >> testing'. Should we take action or trust them? > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
