The project you propose is monumental in terms of 1) categorizing the hundreds of certificate classes offered by the dozens of CAs, and 2) auditing compliance with the new tiers. It could also take up to three years to bring the new classification system online, assuming CAs would only issue certificates with the new OIDs upon renewals. Ouch, to put it mildly.
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
