Mozilla should probably add 'charging for revocation' to their list of problemat... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nailer on Sept 8, 2015 \| parent \| context \| favorite \| on: Sslip.io: A Valid SSL Certificate for Every IP Add... Mozilla should probably add 'charging for revocation' to their list of problematic practices (required to be included in Firefox). Not that revocating compromised certificates isn't already required, but just that some behavior by poor CAs needs to be explicitly pointed out: https://wiki.mozilla.org/CA:Problematic_Practices

brohee on Sept 8, 2015 [–]

What? Revoking expired certificate is not required, and would be a completely useless thing to do, bloating CRLs for no gain whatsoever.

nailer on Sept 8, 2015 | [–]

Sorry, my bad. I wrote 'revoking expired certificates' rather than 'revoking compromised certificates'. Now fixed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact