The PKIX standard can deal with problems of this extent. If an implementation of the standard cannot, then the implementation is nonconforming, and cannot be expected to interoperate.
in other words, it's the implementation's fault, not the standard's. (Yes, a standard has the responsibility to make it *possible* to implement it properly, but if other PKIX implementations can handle it and Java cannot, then the problem is squarely in Java's court, and can only be appropriately dealt with there.) -Kyle H On Fri, Jan 30, 2009 at 8:39 AM, Paul Hoffman <phoff...@proper.com> wrote: > It is kind of sad that this discussion has become "CAs should not revoke > certificates when the private keys are exposed because Java cannot handle > CRLs reliably". That says more about the failures of Java than it does > failures in PKIX. > > --Paul Hoffman > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
