Hello,
I'd like to start a discussion about some practices among other commercial CAs that have recently come to my attention, which I personally find disturbing. While it's perfectly appropriate to have Terms and Conditions associated with digital certificates, in some circumstances, those Terms and Conditions seem explicitly designed to prevent or hinder customers who wish to switch to a different certificate authority.

Some of the most disturbing practices include the revocation of existing certificates if a customer does not renew an agreement, which can really hinder a smooth transition to a new provider of digital certificates, especially since the customer may not have anticipated the potential impact of such a clause when they first signed the agreement.

I'm particularly concerned about this behavior because it seems to be an abuse of the revocation system, and imposes costs on everyone who is trying to generate accurate and efficient lists of revoked certificates (e.g. Firefox).

I'm wondering what the Mozilla community thinks about such practices.

-Tim
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy