And to borrow an old turn of phrase, if the penalty for a violation is a fine, then the law only applies to poor CAs.
Mike On Thu, Jun 12, 2025 at 7:22 PM Mike Shaver <[email protected]> wrote: > (Not speaking for my employer.) > > Is this actually a problem that needs attention? How many certs, > pre-Microsoft(*), have been revoked due to CPS errors? Is it even six > figures? > > Maybe this energy would be better directed towards things like greater > audit transparency, which might actually improve the security of the web. > > (*) Microsoft is in the millions but they’re going to just let most of > them expire instead of actually doing the revocation—shh! I don’t think > we’re supposed to notice that! > > Mike > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqtpZq6TEwL8%2B9Pptvq_MkZF6j-k7qFJ0gh_K6vXd2MZAA%40mail.gmail.com.
