Am 2012-02-19 02:46, schrieb Stephen Schultze: > > Brian, any thoughts on this? Is this something we should be holding out > for, or should we look to other approaches?
A different interesting approach for a punishment could be removal of the ability to create Sub-CAs. This would not put a CA out of business like other solutions, but hurt it and most importantly, remove an extremely risky ability. This could probably be done by removing the root and adding a new, modified cert that has a length constraint (possibly adding all still-allowed CA-owned sub-CAs if they issued Sub-CAs directly from their root). Kind regards, Jan -- Please avoid sending mails, use the group instead. If you really need to send me an e-mail, mention "FROM NG" in the subject line, otherwise my spam filter will delete your mail. Sorry for the inconvenience, thank the spammers... -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto