On 08/06/17 10:17, Gervase Markham wrote:
> What downsides would there be, other than the obvious "some sites might
> break", to us just adding any such intermediate certs directly to OneCRL?

We provide reports which allow CAs to download the stored intermediate
cert data:


So if they don't want this to happen to them, all they need to do is
write a script to download the data daily, compare it with their
internal records, and send out an alert when it finds a discrepancy.

dev-security-policy mailing list

Reply via email to