Certificate Improvements: Unified Certificates And Revocation Servers
not pursuing
Jonathan Bullock
Add Revocation servers to Root Certificates in case of breach and use Use just one Root CA instead of both netalerts and DNSFitler. Preferably Keeping DNSFilter Root CA since it's more explanatory and retire NetAlerts.
This update would decrease complexity and improve reliability and security for client connections.
Here are some related items about Certificate Revocation Lists(CRL's)
I.E.T.F. RFC 5280
FIPS 140 (FedRamp Market Place)
ISO/IEC 9594-8:2017
Minetta Gould
marked this post as
not pursuing
Appreciate the thoughtful input on certificate management! At this time, we don’t plan to unify our root certificates or add revocation servers. The current setup meets our reliability and security standards, so we’ll be keeping it as-is for now. Thanks for outlining your perspective — feedback like this helps us evaluate future adjustments to our certificate strategy.