* Chris Hills:

> Florian Weimer wrote:
>>> Perhaps Mozilla should change its policy to require CAs to revoke certs
>>> when the private key is known to be compromised, whether or not an attack
>>> is in evidence, as a condition of having trust bits in Firefox.
>>
>> I don't think this can be made a requirement. Sudden improvements in
>> cryptanalysis are possible, and you don't want to turn that into an
>> effective DoS attack on Internet users, do you?
>
> If the security of a root is compromised, I would expect its trust
> to be removed, otherwise there is an illusion of security where in
> reality there is none.

Sure, but signing bogus stuff doesn't compromise the security of the
root (as we've seen repeatedly).

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto