On Wednesday, 15 February 2017 18:27:28 UTC+1, Gervase Markham wrote: > On 13/02/17 17:34, okaphone.elektron...@gmail.com wrote: > > Isn't this mostly something that CAs should keep in mind when they > > setup "shop"? > > > > I mean it would be nice to have a way of avoiding that kind of impact > > of course, but if they think it's best to put all their eggs in one > > basket... ;-) > > Well, if it's harder for us to dis-trust an intermediate with many leafs > due to the site impact, the CA may decide to do it that way precisely > because it is harder!
Ehm... play chicken? Nah, perhaps better not. ;-) So you really would like to make distrust more doable. But if it doesn't "hurt" enough you don't get the effect you want either. Difficult to know what level would be optimum. So I guess that means what you really need is a certain scalability in the solution. (Thanks for explaining. I'm just trying to understand what is happening here.) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
