Er, given that we have no OCSP and no-one's checking CRLs, I think losing a root cert which is embedded in 99% of browsers out there would be an _extremely_ big deal.
But OCSP/CRL can not help in case of *root* cert compromission. There's nothing above it to sign the validity information. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
