On 12/23/2008 10:23 PM, Daniel Veditz:
Maybe we need to build in something like a CRL that pings back to Mozilla that would let us revoke roots without having to ship a client update.
Of course we (@ mozilla) also take our lessons from this event, I'm sure. Indeed it was previously suggested here and I think we'll have to look at such options in due time.
Anything other than taking down their site is insufficient (as an immediate action to prevent further damage), specially in light of apparently more flaws in their system. Not having done that as I requested already two days ago isn't exactly comforting. Doesn't show really cooperation and good faith here...
...they'd do that better now before any more damage happens. I've warned them and requested to shut them down. My warning was ignored, their bad...
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto