Paul Hoffman wrote:
At 3:45 PM -0800 1/21/09, Nelson B Bolyard wrote:Perhaps Mozilla should change its policy to require CAs to revoke certs when the private key is known to be compromised, whether or not an attack is in evidence, as a condition of having trust bits in Firefox.Fully agree.
Thirded. I'm surprised that isn't already the case :-( -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
