On Fri, Mar 8, 2019 at 4:03 PM Jeremy Rowley <jeremy.row...@digicert.com> wrote:
> Apologies, I realize that Mozilla’s policy is that revocation is up to the > CA and there is no such thing as an exception. A more careful way to state > what I meant is that I’m surprised that there is not more discussion around > the revocation of all of these certificates and the impact to the ecosystem > compared to an assumption that they will all be revoked. There has been > some discussion of course, but 1.8 million certificates is a lot of > certificates to replace. I’d think to see more discussion here from GoDaddy > about ether they are replacing the certificates or not and the pros and > cons of doing so. > > > I agree - disclosure and discussion is an important element of situations such as this. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy