Andrews, Rick wrote:
>> That strikes me as a policy that one might describe as "attacker
>> friendly".
>> I suggest: revoke first, contact later.
>>
>> When you revoke the certs, you're protecting your relying parties, and
>> you can count on your relying parties to contact the subjects whose
>> certs have been revoked. :)
>
> That's a good question, and I don't know the answer. I'll bring it up
> with the business folks to decide what we should do.

I fear that your business people will only look at the customers' (subscriber) side. But as a relying party I'd want certs for weak keys to be revoked in any case.

Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto