Thanks! The revocation timeline changes are coming today/tomorrow morning.

-----Original Message-----
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Tuesday, May 2, 2017 4:55 AM
To: r...@sleevi.com; Jeremy Rowley <jeremy.row...@digicert.com>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: CA Validation quality is failing

On 02/05/17 00:01, Ryan Sleevi wrote:
> Thank you for
> 1) Disclosing the details to a sufficient level of detail immediately
> 2) Providing regular updates and continued investigation
> 3) Confirming the acceptability of the plan before implementing it,
> and with sufficient detail to understand the implications

I echo Ryan's comments here. I'm happy with your remediation plan, and think there's enough wiggle room in the BRs and Mozilla policy that revocation of the certs with "N/A" etc. is avoidable.

I still think we need to address that 24-hour revocation requirement to be a bit more nuanced, but that's a separate discussion :-)

Gerv
_______________________________________________
dev-security-policy mailing list
email@example.com
https://lists.mozilla.org/listinfo/dev-security-policy