[cabfpub] Need exception to 1024-bit revocation requirement

Gervase Markham gerv at mozilla.org
Fri Jun 7 16:06:32 UTC 2013


On 07/06/13 16:54, Rick Andrews wrote:
> I agree with you that the greater risk is to users of these devices,
> not so much to users of web PKI.

You say "not so much"; can you think of _any_ risk to users of the web
PKI? I'm not sure I can...

> Please try to see this from the customer's perspective. As far as
> they are concerned, Visa is the controlling entity for the use of
> these devices. Then the CABF comes along and tells them they have to
> phase them out sooner because of risk to browser users.

If my understanding is correct, then I would be of the view that we,
Mozilla, should accept a BR audit from Symantec which has an exception
for this particular situation. (But it's Kathleen who decides.)

Gerv



More information about the Public mailing list