On 02/11/2011 05:56 PM, From Stephen Schultze:
Thus, the CA DV model provides no clear comparative benefit with respect to revocation abilities. In fact, by removing the need to proactively revoke, DANE improves reduces the spectrum of exploits
....improves reduces the spectrum of exploits... does this make any sense?
. It also places revocation power directly in the hands of the subscriber.
That's the same as self-assertion. Most subscribers that have their certificates revoked not due to their own request, are probably not very happy about it. They certainly wouldn't revoke their own certificate and it's not meant to be that way. The issuer is obviously not the same entity as the end user - surprise.
It's the assertion by a third party that provides the value. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
