On Fri, Mar 8, 2019 at 8:26 PM Peter Gutmann via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Daymion Reynolds via dev-security-policy < > dev-security-policy@lists.mozilla.org> writes: > > >Our goal is to reissue all the certificates within the next 30 days. > > Before everyone goes into an orgy of mass revocation, see the message I > just > posted "Why BR 7.1 allows any serial number except 0". As long as your > serial > number isn't zero, there's no such thing as a non-compliant serial number, > so > no need to revoke and replace great masses of certificates. > (Posting in an official capacity) I would strongly caution CAs against adopting any of these interpretations, and suggest it would be best for CAs to wholly ignore the message referenced. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy