Florian Weimer wrote:
Perhaps Mozilla should change its policy to require CAs to revoke certs
when the private key is known to be compromised, whether or not an attack
is in evidence, as a condition of having trust bits in Firefox.
I don't think this can be made a requirement. Sudden improvements in
cryptanalysis are possible, and you don't want to turn that into an
effective DoS attack on Internet users, do you?
If the security of a root is compromised, I would expect its trust to
removed, otherwise there is an illusion of security where in reality
there is none.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
