On Sun, Jun 08, 2025 at 04:37:24AM -0700, Suchan Seo wrote: > Wouldn't court just force CA to unrevoke TRO'ed certificate in that case?
An order to take an action is a very different beast from an order to _not_ take an action. The hint is in the name: a _restraining_ order. It stops an entity from doing something which may potentially cause the plaintiff harm, to give a court time to consider the situation more carefully. For more information, consult your friendly neighbourhood lawyer. However, I'd be more than happy for Mozilla to close that loophole, too, by making it clear that any "unrevocation" is another insta-kick action. That should be less controversial than my other suggestions, because (as far as I'm aware) there's no historical precedent of a CA ever unrevoking a certificate in contravention of the BRs, so there's no "inertia" of previous unsanctioned bad behaviour to overcome. - Matt -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/11711150-9678-4ed4-91e0-74ee2fe3eb41%40mtasv.net.
