by rphlx 2967 days ago
> Microsoft's only option is to completely drop the root cert, right? So there's no real non-nuclear option...

In small-scale disputes MS (and other browser vendors) would not have to nuke an entire large CA to get their way. In principle they could just blacklist the individual certs/names, leaving the CA's other certs alone.

That ability/implied threat probably does mean that the CAs tend to comply with MS piracy/copyright-related revocation requests, because refusing to comply would piss off MS (and possibly law enforcement) without actually stopping them from getting their way by other means.