Richard Moore via dev-security-policy <dev-security-policy@lists.mozilla.org>
writes:
>If any other CA wants to check theirs before someone else does, then now is
>surely the time to speak up.
I'd already asked previously whether any CA wanted to indicate publicly that
they were compliant with BR 7.1, which zero CAs responded to (I counted them
twice). This means either there are very few CAs bothering with dev-security-
policy, or they're all hunkering down and hoping it'll blow over, which given
that they're going to be forced to potentially carry out mass revocations
would be the game-theoretically sensible approach to take:
Option 1: Keep quiet case 1 (very likely): -> No-one notices, nothing happens.
Keep quite case 2 (less likely): -> Someone notices, revocation
issues.
Option 2: Say something -> Revocation issues.
So keeping your head down would be the sensible/best policy.
Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
