On 15 March 2016 at 14:03, Rob Stradling <[email protected]> wrote: > On 15/03/16 13:50, Ben Laurie wrote: > <snip> >> >> 3. Always revoke bad certs that appear in logs! > > > If the intermediate is being blacklisted, would you really trust the CA to > revoke all of the logged end-entity certs? > > We need revocation mechanisms that are effective without having to trust the > CA.
I will not argue with that. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
