Gervase Markham wrote:
But if we knew that, why didn't we just yank the cert anyway?
Good question.
If we had a message along the lines of what I wrote for yanked certs (as opposed
to never-added certs, where the message would need to be different), instead of
our current goobledygook, I'd be happier yanking certs.
As things stand, if we yank a cert all users see is an unintelligible alert.
-Boris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
