> My proposal is that root programs require CAs to accept revocation requests
> from the root programs themselves for randomly-chosen certificates. At
> random intervals, a root program sends a (suitably
> authenticated) email to the CA's problem reporting address stating "this
> certificate should be considered compromised as of this moment, revoke in
> line with the BRs". Frequency and volume could be tuned to issuance
> volume, with upper and lower bounds as needed to ensure universal
> coverage without unduly burdening any particular CA with excessive
> administrivia.

Just wanted to highlight this proposal since it got lost in the later discussion ... I've had similar thoughts before, and this is an idea worth exploring. It would provide much more uniform and objective testing of the ability to rotate certificates, and would allow us to stop pretending that incidents are effective for that purpose (they aren't).

-Tim
