Frank Hecker:
Yes, but as I understand it what is being discussed here is a more elaborate scheme whereby, for example, we (Mozilla) might run an actual CA just for the purpose of cross certifying the roots that we accept. Like Nelson, I can't remember who exactly was advocating this and what their arguments for this proposal were.
IIRC it was Ben Buksch? Otherwise memory is failing me...it was proposed almost two years ago during the EV discussion I think.
The idea was dismissed because of the burden and responsibility to run such a CA, the counter argument was, that certdata.txt has about similar requirements. The idea never got beyond that I think...
The issue was with regard to the CRLDP patent held by Entrust (which inherited it from Nortel). It's a long story, but basically due to some good work by Entrust and Sun the patent is no longer an issue as far as NSS is concerned, and the NSS team is free to implement CRLDP functionality in a future NSS release. I'll let them speak to exactly what their plans are.
That sounds like some great news! I just recently happened to come across a comment at Bugzilla (I think of Kathleen) where the patent issue was mentioned once again...so libpkix will have it? Nelson?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
