On Wed, Feb 28, 2018 at 9:13 AM, Eric Mill via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On Wed, Feb 28, 2018 at 12:58 AM, apca2.2013--- via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > "I would like to again point out that simply waiting for misissued > > certificates to expire is not an acceptable response." > > > > This is a misunderstanding. > > We are preparing to revoke certificates immediately, rather than waiting > > for certificates issued prior to 2017 to expire. > > However, even if we revoke those certificates, if your judgment is not > > affected and our request is rejected, there is no point in doing it. > > > > So, to be clear, you would only revoke misissued certificates if required > to do so by Mozilla -- not because they represent control failures, or in > order to demonstrate to other root programs your CA's responsiveness and > the seriousness with which you take control failures. > > > > Please let us know if our request will be accepted by revoking all the > > certificates we issued prior to 2017. > > My comment was intended to point out that you are violating BR section 4.9.1.1(9) by not revoking these certificates. My comments were not intended to imply that revoking these certificates would change Mozilla's decision to deny this inclusion request. > > > Thank you > > APCA > > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
