I'm not sure if you're allowed to state this publicly. Has Microsoft giving you the go ahead?
On Fri, Dec 28, 2018 at 1:05 AM Jeremy Rowley via dev-security-policy < [email protected]> wrote: > I disagree that we won't get that. I think we could see a "it's okay to > wait > until April 30 for large pharmacy" or "Waiting until April 30 is too long > but March 1 is okay". I don't think Mozilla wants outages either. But... if > Mozilla did say that we should revoke now, that would be great as well. I'd > have a firm answer I can go back with. No risk, but no exception. > > Well except moral risk of course.... > > -----Original Message----- > From: dev-security-policy <[email protected]> > On > Behalf Of Matt Palmer via dev-security-policy > Sent: Thursday, December 27, 2018 5:55 PM > To: [email protected] > Subject: Re: Underscore characters > > On Fri, Dec 28, 2018 at 12:12:03AM +0000, Jeremy Rowley via > dev-security-policy wrote: > > This is very helpful. If I had those two options, we'd just revoke all > > the certs, screw outages. Unfortunately, the options are much broader > than > that. > > If I could know what the risk v. benefit is, then you can make a > > better decision? DigiCert distrusted - all revoked. DigiCert gets some > > mar on its audit - outages seem worse. Make sense? > > Given that Mozilla wants CAs to abide by its policies, which include > adherence to the BRs, and you appear to be saying that you'll adhere to the > BRs if you're threatened with distrust... I'd say the logical response from > Mozilla would be to threaten distrust. I doubt, especially now, that > you'll > get a categorical advance "it's OK to not revoke" from Mozilla. > > - Matt > > _______________________________________________ > dev-security-policy mailing list > [email protected] > > https://clicktime.symantec.com/a/1/JAUY6LMmpzDeGtxtOiXLJVWWYjWV65xcMjKoLj_GS > > gs=?d=2r4BCPONnLRAQaYxhIYsrR2xI_C73HdzeRvSzxfwF1rOccA0cfq95qcKptTpNVYkGzCfgl > > u40QMyhwHQJyWghm9tDreLIrUFB4D0ugqZlnn2SKyEI85b9QcQlb6I-o78NypjSLQRAUF9s9i5tF > > sXc6oVsnhZly7GCR8HrTZqfLEL8fXQKwA8A7MRCYPr2Hy61TCorYztrVr2u8IME1WcJdVQxd1tkB > <https://clicktime.symantec.com/a/1/JAUY6LMmpzDeGtxtOiXLJVWWYjWV65xcMjKoLj_GSgs=?d=2r4BCPONnLRAQaYxhIYsrR2xI_C73HdzeRvSzxfwF1rOccA0cfq95qcKptTpNVYkGzCfglu40QMyhwHQJyWghm9tDreLIrUFB4D0ugqZlnn2SKyEI85b9QcQlb6I-o78NypjSLQRAUF9s9i5tFsXc6oVsnhZly7GCR8HrTZqfLEL8fXQKwA8A7MRCYPr2Hy61TCorYztrVr2u8IME1WcJdVQxd1tkB> > > MIgZG8M74du5AO2ELfvkGfV3pBYbOUubjwoFhmqqgsHy5GyDIO_EZS68OavUwfNHvpkZ-5paTSWR > > yGwQFw0uz8CKa2kO0IOOBGt55A-WAyvJnhPJScUvwu_c9n2KmEljO7EbvvYGYA0E3Ef6rWWdpZbm > D8FZ39LChfaUgdEP4DX6Y%3D&u=https%3A%2F%2Flists.mozilla.org > %2Flistinfo%2Fdev- > security-policy > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
