Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>An alternative solution to the ossification that Alex muses about is to >require that all CAs must generate (new) roots on some interval (e.g. 3 >years) for inclusion. That is, the 'maximum' a root can be included in a >Mozilla product is 3 years (or less!) Unless someone has a means of managing frequent updates of the root infrastructure (and there isn't one, or at least none that work), this will never fly. There's a reason why roots have 20-40 year lifetimes and why they get on-sold endlessly across different owners rather than simply being replaced when required. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy