Ryan Sleevi <[email protected]> writes: >Is the belief then that they are added, but then never maintained, and >therefore browsers should intervene and prevent their addition
No, more that browsers should complain about certs with outrageous, and in cases where the maximum lifetime is supposed to be 25 years outright invalid, attributes in the hope of giving the organisations creating and deploying them pause about what they're doing with their certificates. If browsers are happy to accept any old rubbish in certs then organisations will keep deploying certs with any old rubbish in them - it's a sanitary issue more than a security one. Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SY4PR01MB6251A423AAD5900BA2D30157EEB79%40SY4PR01MB6251.ausprd01.prod.outlook.com.
