I updated https://bugzilla.mozilla.org/show_bug.cgi?id=1299579#c9 with: "" ... here is the approach that we plan to take:
We will add the "Hongkong Post e-Cert CA 1 - 10" intermediate cert to OneCRL at the end of October. Please replace all of the SSL certs chaining up to this intermediate cert that expire after October, because we do not plan to add them to a whitelist. We believe that this is a reasonable compromise. However, if there is compelling evidence to do so, we will add the intermediate cert to OneCRL earlier -- we will let you know if this becomes necessary. "" Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy