If a certificate is short-lived according to the definition in bug 1141189, I suggest it would be an improvement to make it so that revocation is non-overrideable. "Revocation" for a short-lived certificate means letting it expire, and so we should treat expiry and revocation the same. Sites which opt in to using short-lived certs should know that rotating their certs in a timely fashion is important. We may want to gate this on bugs which allow Firefox to have a better idea of what time it really is (as opposed to looking at the system clock, which can be wrong.)

Gerv
This is probably blocked on us having a better idea of what time it is, independent of the user's system clock.
Priority: -- → P3