I agree with that last sentence. Continuity of operations is primarily to keep revocation going. If revocation stops, rightful private key holders are therafter unprotected from damages due to compromised keys.
Would it make sense for MF to have some assurance by the CA that the CRL would be kept running for a minimum of 12 months after, either by their own, or by a 3rd party, or even MF?
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
