On 08/06/17 10:17, Gervase Markham wrote: > What downsides would there be, other than the obvious "some sites might > break", to us just adding any such intermediate certs directly to OneCRL?
We provide reports which allow CAs to download the stored intermediate cert data: https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsCSV So if they don't want this to happen to them, all they need to do is write a script to download the data daily, compare it with their internal records, and send out an alert when it finds a discrepancy. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy