It is kind of sad that this discussion has become "CAs should not revoke certificates when the private keys are exposed because Java cannot handle CRLs reliably". That says more about the failures of Java than it does failures in PKIX.
--Paul Hoffman
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto