Re: Let's Encrypt: Failure to revoke key-compromised certificates within 24 hours

2020-03-26 Thread Ryan Sleevi via dev-security-policy
Apologies for the delay here. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1625322 for this.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Revocation as an independent user agent decision

2020-03-26 Thread Ryan Sleevi via dev-security-policy
On Thu, Mar 26, 2020 at 4:45 PM Ian Carroll via dev-security-policy wrote:
>
> Hi all,
>
> A recent thread on CAs using contractual terms to revoke certificates has
> made me want to bring up a topic that I am surprised does not come up more:
> removing the control of revocation from CAs and

Revocation as an independent user agent decision

2020-03-26 Thread Ian Carroll via dev-security-policy
Hi all,

A recent thread on CAs using contractual terms to revoke certificates has made me want to bring up a topic that I am surprised does not come up more: removing the control of revocation from CAs and moving it to the user agent. While this is an idea that requires the backing of a user