Did this whole thing start because someone at Trustico wanted to accelerate the process of getting their resold Symantec certificates reissued under a DigiCert trust path?
And somehow some misinformed soul imagined creating a revocation crisis would somehow help achieve that goal without significant consequences? If so, that surfaces a significant potential problem with the reseller ecosystem, which as I understand it has largely gone unaudited as yet (providing the CA actually provides the validation functions). It shows what havoc a reseller can cause from poor judgement. Then there's the issue of a reseller holding onto the private keys indefinitely...