Julien R Pierre - Sun Microsystems wrote:
> If the root could "revoke itself", in the case of root cert key
> compromise, i.e. the root cert's private key becoming public, anybody
> could then sign revocation information for that root CA - whether to
> mark it revoked or unrevoked.

Leaving aside the question of what the standards say for just a moment, what's wrong with that in principle? If you know a private key has been compromised, most of the time you still have the key - so why shouldn't or couldn't it be used to sign its own suicide note?

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto