On Sat, Jul 04, 2020 at 08:42:03AM -0700, Mark Arnott via dev-security-policy wrote:
> I was informed yesterday that I would have to replace just over 300
> certificates in 5 days because my CA is required by rules from the CA/B
> forum to revoke its subCA certificate.

The possibility of such an occurrence should have been made clear in the
subscriber agreement with your CA. If not, I encourage you to have a frank
discussion with your CA.

> In the CIA triad Availability is as important as Confidentiality. Has
> anyone done a threat model and a serious risk analysis to determine what a
> reasonable risk mitigation strategy is?

Did you do a threat model and a serious risk analysis before you chose to
use the WebPKI in your application?

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy