Gervase Markham <[EMAIL PROTECTED]> writes:

>There's been some discussion of revocation services deep in other threads.

>I think understanding these is important, and I suspect my knowledge is 
>too limited; does anyone have a link to a primer?

>What proportion of CAs run a revocation service?

>What proportion of them use OCSP?

You forgot the most important one: What proportion of them are of any use in
SSL?  Using the X.509 CRL reason codes as usage cases, "key compromise" is
unlikely to be useful unless the attacker helpfully informs the server
administrator that they've stolen their key, "affiliation changed" is handled
by obtaining a new certificate for the changed server URL, "superseded" is
handled in the same way, and "cessation of operation" is handled by shutting
down the server.  In none of these cases is revocation of much use.

(It does however make a nice distraction from addressing security UI issues
 :-).

Peter.

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
