Rather than "for a minimum of 12 months", I would say "until the last issued EE cert expires". Then, yes, I think that makes sense.
This would have to be a policy decision for MF I think, and if you were to require this I also think that the MF would need to decide on a term that they would be willing to pay for domains and host CRL/OCSP stuff... If a company goes bust tomorrow, I doubt there would be any funding to keep a CRL/OCSP running beyond that, and I doubt any company large or small these days is beyond that with numerous "large" companies suddenly going out of business owing billions...
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
