top | item 45487417

(no title)

alanfranz | 4 months ago

One thing the article doesn’t mention is that a lot of certs are revoked for purely admin reasons. CeasedOperations seems to be the case for Flair - nothing bad happened to the key, but the cert was revoked nevertheless.

This seems to be a common practice for some CAs or companies, but it’s not required AFAICT; and it contributes to the gigantic CRLsets that we have - most of those revocations wouldn’t actually be needed from a security pov.

discuss

No comments yet.