* Peter Kurrasch via dev-security-policy:
> By "not new", are you referring to Google being the second(?) instance
> where a company has purchased an individual root cert from another
> company? It's fair enough to say that Google isn't the first but I'm
> not aware of any commentary or airing of
* Nick Lamb via dev-security-policy:
> In order for Symantec to reveal anybody's private keys they'd first
> need to have those keys, which is already, IIRC forbidden in the
> BRs.
I think this requirement was dropped because it makes it unnecessarily
difficult to report key compromises. There
2 matches
Mail list logo