Confirm, administrator
5,526
edits
Changes
m
→Concerns about Government CAs
* What would browsers do if a CA mis-issued a certifiate, but had a court-order to do so?
** We would blacklist the false chains. Would potentially blacklist all of the CA's root certs. This would impact the CA's business. Government CAs do not have a commercial interest, so there is less downside for a Government CA being removed than for a commercial CA being removed.
* Some Government CAs are very slow to respond when changes are made to policy, such as technically constraining subordinate CAs and becoming compliant with the Baseline Requirements. https://wiki.mozilla.org/CA:Communications#January_2013_Responses
== Suggestions about what to do about Government CAs ==
