On 13/10/09 16:18, Anders Rundgren wrote:
> IMO putting OCSP or CRLs in public SSL certificates was never a particularly good idea because the only likely case for a revocation is when a CA fails to validate a customer. That has happened but not often enough to motivate the building of new infrastructure.
That's just not true. Debian weak keys and the recent \0 certs are both cases where customer validation was done to the appropriate level but the certs still had to be revoked.
Gerv
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto