On 8-Aug-08, at 10:11 AM, Ben Laurie wrote: > > It also only fixes this single type of key compromise. Surely it is > time to stop ignoring CRLs before something more serious goes wrong?
Clearly many implementors have chosen to *knowingly* ignore CRLs despite the security implications, so my take away would be that the current public key infrastructure is flawed. -- Dick _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/