Ka-Ping Yee wrote: > Ka-Ping Yee wrote: >> An effective revocation mechanism, temporary or permanent, for CAs >> and for individual certificates, would probably help to some degree. > > On Tue, 7 Nov 2006, Eddy Nigg (StartCom Ltd.) wrote: >> I'm afraid, but this isn't something the browser vendor controls, only >> the CA. Not feasible. > > But if certificate revocation is going to work, doesn't it have to be > implemented by the browser? Couldn't there be a role for Mozilla to > play here?
Microsoft distributes a list of bad certificates, I don't see why mozilla can't do the same. Funnily enough this solution came about when certificates were falsely issued for Microsoft. -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
