Eddy Nigg wrote:
[...]
Well, this thread started out with the request that Mozilla should
change it's policy to require CAs revoke certificate when the private
key is known to be compromised.
Given the practical problems of revoking a very large number of
certificates, I'd consider it acceptable if the policy only requires the
CA to :
- make the client aware of the situation
- get the certificate promply replaced if it is actually used on an open
network.
- revoke it if there's a failure to get it replaced within an acceptable
timeframe
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto