Kyle Hamilton wrote, On 2008-06-08 13:28:
> My thought is that if there's any knowledge that a CA has that a key
> has been compromised, the CA can no longer verify the binding of the
> key to the subject -- which means that the certification should not
> exist, and thus must be revoked.

On the points above, I agree with you completely, Kyle.

> Then again, I'm something of a 'purist' when it comes to viewing what
> a CA's responsibilities are.

Me too. CAs are selling subscribers trusted credentials, not convenience.
If the credentials are not trustworthy, then what is their value?