On 12/09/2017 01:50 AM, Kurt Roeckx via dev-security-policy wrote: > But it's not obvious to me who to contact to revoke a given > certifiate, and it would be really useful that given a certificate > it would be obvious what to do, who to contact, to get it revoked.
Could it be useful to establish a practice of including such contact information in the certificate itself, e.g. requiring a URI in some standardized key containing the contact point? -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
