Most of root store policies are not apply to them as they are no longer
publicly trusted as they are removed from trust store, but there are
enough unupdated clients that still trust such certificates (mostly
androids/ iot, I think)
should trust store start to require destroying root private key just
before its expireation? however then catastrophic event happens that
caused reject the CA does not have incentive to do any more about it though
--
You received this message because you are subscribed to the Google Groups
"dev-security-policy@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to dev-security-policy+unsubscr...@mozilla.org.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/394fb5b5-dc8b-01a2-cb56-edda91d0a590%40gmail.com.