On Wednesday, 1 March 2017 12:44:16 UTC+1, Gervase Markham wrote: > On 13/02/17 12:23, Gervase Markham wrote: > > The GoDaddy situation raises an additional issue. > .... > > What can be done about the potential future issue (which might happen > > with any large CA) of the need to untrust a popular intermediate? > > Suggestions welcome. > ... > If customers tend to renew annually, one could imagine a "January > intermediate", "February intermediate" and so on, and one uses the > former every January, etc. > ...
Or a different intermediate each day? ;-) I guess what you really are looking for is being able to distrust a CA for a date range. Any requirement that doesn't produce that is probably not worth the effort. CU Hans _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
