> While denial of service is legitimately in the threat model, the risk of
> the attack is not increased by marking a CA trusted. If an attacker is
> able to falsely revoke a cert A and the CA that issued that cert is
> marked as trusted, the user is denied service.

and Mozilla users who relied on that trusted CA are harmed.

> If an attacker is able
> to falsely revoke a cert A and the CA that issued
> the cert is not marked as trusted, the user is still denied service.

Then the Mozilla user community does not rely on that CA, and relies instead on other CAs who take adequate precautions against false revocations, and is not harmed (has less probability of being harmed).
So, evaluating a CA's susceptibility to fraudulent revocations is a worthwhile criterion because it reduces the probability of harm to Mozilla users from false revocation.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
