On Wed, Oct 05, 2016 at 01:30:37PM +0000, Peter Gutmann wrote: > Rob Stradling <[email protected]> writes: > > >Easy. It doesn't make a sound. Unrevoked certificates don't make sounds > >either. > > What I was really asking, in a tongue-in-cheek way, was whether there was any > indication of how successfully the information could be propagated to > browsers.
This is why browsers have something like OneCRL, so that they actually do know about it and why Rob added that information to the bug tracker (https://bugzilla.mozilla.org/show_bug.cgi?id=906611#c2). I'm just wondering if that was the correct bug to report this on and that he shouldn't have opened a new one. Anyway, Rob wrote there: > I think the combination of other measures previously taken (the > removal of the "UTN - DATACorp SGC" root certificate, the > revocation/blacklisting of the cross-certificates issued to "UTN - > DATACorp SGC", and the technical constraints in these 3 > cross-certificates issued to WoSign) should mean that these 3 > cross-certificates are already not trusted by Mozilla users. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
