On Tue, Jul 25, 2017 at 12:57:44PM -0400, Alex Gaynor via dev-security-policy 
> Following up on this (and really several other threads). The BRs require
> mis-issued certs to be revoked with 24 hours of the CA becoming aware. CAs
> are required to track m.d.s.p. per the Mozilla Root Policy, so really
> notifying this list _ought_ to qualify as notifying the CAs.

I think requests for revocation should be done using the contact
information they provided to do that.


dev-security-policy mailing list

Reply via email to