Hi, On Tue, 6 Feb 2018 16:56:48 +0100 Kurt Roeckx via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > I should probably more clear, the certificates of the CA have been > revoked.
I'm wondering what that means. Is a revoked intermediate cert a license for operating a yolo CA that signs everything? Given the fragility of revocation checking I'd find that a problematic precedent. The OCSP seems operational and replies with "Good" and the issuance happened before it's being added to OneCRL. I don't find a reference why this intermediate had been added to OneCRL, but I think this deserves more clarification what's going on here. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy