True, but it's a start. You could objectively measure only the replacement certificates for publicly accessible websites, not the ones blocked by firewalls.
Dimitris. Dec 23, 2024 21:52:24 Matt Palmer <[email protected]>: > On Mon, Dec 23, 2024 at 05:54:43PM +0000, 'Dimitris Zacharopoulos' via > [email protected] wrote: >> FWIW, I don't like the approach of random revocations. I would prefer >> to focus on re-issuance and certificate rollover exercises by each CA, >> providing statistics of how subscribers perform, without any real >> disruptions. Instead of selecting certificates for revocation, select >> certificates for re-issuance and rollover in 5 days. > > Except that there is no way to objectively measure that rollover has > actually taken place. > > - Matt > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a0c795c8-7f1e-4ff6-a5ee-8ae8c3e95d84%40mtasv.net. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/4072d67e-6e30-4c01-a18b-993b94102a41%40it.auth.gr.
