On Wed, Aug 09, 2017 at 04:21:19PM +0200, Jakob Bohm via dev-security-policy wrote: > On 08/08/2017 20:46, Alex Gaynor wrote: > > It's from the BRs 4.9.1.1: > > > > The CA SHALL revoke a Certificate within 24 hours if one or more of > > the following occurs: > > > > It's also not a penalty on the CA, it's a remediation step for them to > > undertake. > > > > It is a disruption and penalty to the 3rd party certificate holder to > have their certificate suddenly revoked due to a bureaucratic mistake at > the CA.
If a certificate holder feels that they have been materially damaged as a result of their CA's negligence, they should take that up with the CA. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy