On Wed, Jun 22, 2016 at 8:21 AM, Ben Wilson <ben.wil...@digicert.com> wrote: > It seems to me that requiring the registration of these subordinate CAs > bloats the Salesforce database unnecessarily.
We've historically been at a chronic lack of data, rather than a chronic glut. I think we should definitely err on the side of too much - which would be a wonderful problem to have. As Eric (Mill) mentioned, revocation in practice is a complex and tricky thing. Having the data disclosed enables better tooling and better informs how best to handle revocation in practice. It also helps provide data for future bugs and incidents, by better informing scope of impact. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
