On Fri, Dec 08, 2017 at 11:55:46PM +0100, Hanno Böck via dev-security-policy wrote: > So I wonder: If a CA signs an intermediate - are they responsible > making sure that reports brought to the subca are properly handled?
My first reaction would be if you sign it, you take responsibility. That would be either handling it yourself, or making sure that it's handled properly by the intermediate. But it's not obvious to me who to contact to revoke a given certifiate, and it would be really useful that given a certificate it would be obvious what to do, who to contact, to get it revoked. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy