Hello i read in the news (but not here on m.d.s.p) that a few days ago Globalsign revoked one of their intermediary roots and then un-revoked it (well, the revocation is accidental, but it was still a properly announced revocation, via signed CRL and OCSP).
http://www.theregister.co.uk/2016/10/15/globalsign_incident_report/ They rolled back the revocation, but i thought that the BRs explicitly forbid that a suspended/revoked certificate be un-suspended/un-revoked. https://www.globalsign.com/en/customer-revocation-error/ is this revival/un-revocation of an intermediary CA allowed by the BRs? ~~~~ Adrian R. (p.s. can we call this revived certificate a zombie? :) ) (off-topic note: sigh, was intending not to post here again because news relay servers that strip DKIM signatures will generate a lot of DMARC failure reports for rejected messages. oh well.) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy