On Wed, Jan 21, 2009 at 5:50 PM, Julien R Pierre - Sun Microsystems <[email protected]> wrote: > Paul Hoffman wrote: >> >> At 3:45 PM -0800 1/21/09, Nelson B Bolyard wrote: >>> >>> Perhaps Mozilla should change its policy to require CAs to revoke certs >>> when the private key is known to be compromised, whether or not an attack >>> is in evidence, as a condition of having trust bits in Firefox. >> >> Fully agree. > > Thirded. I'm surprised that isn't already the case :-(
Fourthed. If this isn't already the case, the already-minimal amount of trust I have in the PKI (which is already in abeyance) is completely undermined. -Kyle H -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
