On 15/03/16 13:50, Ben Laurie wrote: <snip>
3. Always revoke bad certs that appear in logs!
If the intermediate is being blacklisted, would you really trust the CA to revoke all of the logged end-entity certs?
We need revocation mechanisms that are effective without having to trust the CA.
-- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
