On Wed, Dec 13, 2017 at 5:19 PM, Tim Hollebeek via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> There are also the really cool hash-based revocation ideas that actually > do help > even against active attackers on the same network. I really wish those > ideas got > more serious attention. > > -Tim > I'm not sure it's fair to conclude that the lack of implementation is equivalent to lack of serious attention :) But there's also a host of systemic policy issues with revocation that would need to be tackled. Which is not to say we shouldn't explore them - but that they may not be the long pole or the tricky part, so we may want to make sure we're holistically prioritizing the right stuff :) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy