Frank Hecker wrote: > So personally I'd consider a 5-day timeframe reasonable, and based on > past conversations with people doing update releases, I think it might > be pushed down as low as 3 days.
OK, seeing as 5-days this hasn't raised too many eyebrows, I've fixed up this page: https://wiki.mozilla.org/CA:Recommendations_for_Roots#Revocation_of_the_Root > http://www.mozilla.org/security/announce/ Thanks, incorporated. > Also note that IIRC the Firefox automated update mechanism doesn't > update all users at the same time -- it's staggered a bit to avoid > overwhelming the update servers. OK, note added, thanks. One question: Is there a list of NSS user applications anywhere? Incomplete is fine. Comments welcome! For me, the story seems now to be at "done, documented, maintain." Interesting as the discussion has been, there appears no better way to resolve the tension between PKIX/NSS and CA needs other than by doing a manual/human/business process, so this is "as good as it gets." Thanks to all. iang
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
