Robert Sayre wrote: > Ka-Ping Yee wrote: >> >> An effective revocation mechanism, temporary or >> permanent, for CAs and for individual certificates, would probably help >> to some degree. > > That is a good idea. Perhaps the policy should be to revoke 10,000 > individual certificates issued immediately before and after a > known-bogus one. The sites in question will have plenty of warning, > thanks to our open process, and it will bite the CA in the pocket book. > I'm afraid, but this isn't something the browser vendor controls, only the CA. Not feasible.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
