On Thu, Oct 1, 2020 at 6:39 AM Corey Bonnell via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Although RFC 5280, section 5 [2] mandates that conforming CAs MUST produce
> v2 CRLs, the CAs issuing v1 CRLs pre-date any browser root requirements
> that mandate adherence to the RFC 5280 profile.

To clarify: You mean the CAs were issued prior to 2012, yet are still trusted? That seems an easy enough problem to fix, in the spirit of removing roots and hierarchies that predate the Baseline Requirements 1.0 effective date

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy