On Fri, 24 Jun 2022 15:27:23 +0300 Dimitris Zacharopoulos <[email protected]> wrote:
> I believe the requirement does not include the disclosure of Revoked > subCAs as they are not /"technically capable of issuing working > server or email certificates"/. I would like to point out that as far as I know very few implementations have strong revocation checks for intermediate certificates. I remember noticing that the OCSP for the Let's Encrypt intermediate was down, and for quite a while simply nobody noticed. So I would very much dispute that revoked subcas are not "technically capable of issuing working server or email certificates". -- Hanno Böck https://hboeck.de/ -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220624203654.34b68f20%40computer.
