On Mon, Aug 29, 2011 at 08:09:02PM -0500, Raphael Geissert wrote: > On Monday 29 August 2011 16:03:57 Josh Triplett wrote: > > Whatever resolution Mozilla and others end up with (revocation of the > > certificate or of the entire CA), ca-certificates will likely need to > > do the same. > > FWIW, individual certificates can't be "revoked" in ca-certificates. > Shipping revocation lists is useless too.
Does OpenSSL not have any facility for a system-wide revocation list? Fortunately, in this case, the resolution involves disabling the DigiNotar Root CA entirely, which ca-certificates can do. - Josh Triplett -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
