Ka-Ping Yee wrote:
An effective revocation mechanism, temporary or permanent, for CAs and for individual certificates, would probably help to some degree.
That is a good idea. Perhaps the policy should be to revoke 10,000 individual certificates issued immediately before and after a known-bogus one. The sites in question will have plenty of warning, thanks to our open process, and it will bite the CA in the pocket book.
- Rob _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
