What's a CA to do if Microsoft demands a cert be revoked? Revoke: violate Mozilla policy Don't revoke: violate Microsoft policyhttps://twitter.com/Scott_Helme/status/989826773876727815 …
-
-
Replying to @__agwa
Spend time on writing an OCSP/CRL revocation reason so that Mozilla (and the ecosystem) can ignore? Convince Microsoft to not be dumb (especially since their clause ONLY applies to DV
)1 reply 0 retweets 3 likes -
Replying to @sleevi_
Microsoft will need to be less dumb. Revocation reason is shortsighted because the logical next step for their dumbness is forcing CAs to check SmartScreen prior to issuance.
1 reply 0 retweets 0 likes -
Replying to @__agwa
I don’t think that’s on the same order of badness tho. For example, LE checks GSB prior to issuance.
1 reply 0 retweets 0 likes -
Replying to @sleevi_
Why isn't that as bad? Either way Microsoft is able to control who can have a working cert. Also, would LE check GSB if not for the High Risk requirement in BRs?
1 reply 0 retweets 0 likes -
Replying to @__agwa
Because the ability to knock off arbitrary sites is an order of magnitude different than simply not doing business with a site. Same way registries can block registrations
1 reply 0 retweets 1 like -
Replying to @sleevi_
A denied renewal can knock a site off-line. It's just matter of how much notice the site gets.
1 reply 0 retweets 1 like -
Replying to @__agwa
Well, presumably someone is renewing well before expiration
1 reply 0 retweets 0 likes
Now we're just haggling over the price 
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.