On 01/22/2009 03:50 AM, Julien R Pierre - Sun Microsystems:
> Paul Hoffman wrote:
>> At 3:45 PM -0800 1/21/09, Nelson B Bolyard wrote:
>>> Perhaps Mozilla should change its policy to require CAs to revoke certs
>>> when the private key is known to be compromised, whether or not an attack
>>> is in evidence, as a condition of having trust bits in Firefox.
>>
>> Fully agree.
>
> Thirded. I'm surprised that isn't already the case :-(

+1

As a matter of fact, most CAs have policies in place which require them upon knowledge of potential or *suspected* compromise to revoke ANY certificate. I'm certain those policies exist for the top CAs covering the majority of certificates. The keys are compromised, not only suspected to be compromised. It's known which keys and certificates are affected (by the CAs themselves). Failure to revoke is many times non-adherence to their own policies.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
