On Wed, Jan 21, 2009 at 5:50 PM, Julien R Pierre - Sun Microsystems <julien.pierre.nos...@nospam.sun.com> wrote: > Paul Hoffman wrote: >> >> At 3:45 PM -0800 1/21/09, Nelson B Bolyard wrote: >>> >>> Perhaps Mozilla should change its policy to require CAs to revoke certs >>> when the private key is known to be compromised, whether or not an attack >>> is in evidence, as a condition of having trust bits in Firefox. >> >> Fully agree. > > Thirded. I'm surprised that isn't already the case :-(
Fourthed. If this isn't already the case, the already-minimal amount of trust I have in the PKI (which is already in abeyance) is completely undermined. -Kyle H -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
