Eddy Nigg wrote:
> Which is obviously not correct. Most revocations happen due to loss and
> compromise of private keys, retirements, software bugs, misuse, but
> seldom due to validation failures.

I would be surprised if a single public-TTP-issued server-certificate has ever been revoked due to loss or compromise of private keys.

But I don't *insist* that OCSP validation is a bad thing; I just think that using plain-vanilla HTTP or rolling your own cer seem to be an easier way than faking an identity for a CA.

Anders