Robert Sayre wrote:
That is a good idea. Perhaps the policy should be to revoke 10,000 individual certificates issued immediately before and after a known-bogus one. The sites in question will have plenty of warning, thanks to our open process, and it will bite the CA in the pocket book.

Right - so we punish 10,000 random companies by making them buy new certs, because they happened to buy their original ones from the wrong CA? That would make us very popular.

Gerv
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security