Spend time on writing an OCSP/CRL revocation reason so that Mozilla (and the ecosystem) can ignore? Convince Microsoft to not be dumb (especially since their clause ONLY applies to DV)
-
Microsoft will need to be less dumb. Revocation reason is shortsighted because the logical next step for their dumbness is forcing CAs to check SmartScreen prior to issuance.
-
I don’t think that’s on the same order of badness tho. For example, LE checks GSB prior to issuance.
-
Why isn't that as bad? Either way Microsoft is able to control who can have a working cert. Also, would LE check GSB if not for the High Risk requirement in BRs?
-
Because the ability to knock off arbitrary sites is an order of magnitude different than simply not doing business with a site. Same way registries can block registrations
-
A denied renewal can knock a site off-line. It's just a matter of how much notice the site gets.
-
Well, presumably someone is renewing well before expiration

-
Now we're just haggling over the price
-
Obviously ignore the request - at worst, users of awful deprecated browsers will be affected.
-
Not so. Chrome on Windows delegates to Windows trust store.
-
Eew. Why?
-
Probably mostly for enterprise PKI needs, but I'm guessing also the Federal PKI plays a part. It's not run to standards required by Mozilla program, but is conspicuously included in the Apple and Microsoft programs.
@sleevi_ could say, but I think he has me blocked on Twitter.
-
I have this thing where I grate on some people's nerves.