Ian G wrote:
On Friday 20 May 2005 23:47, Jean-Marc Desperrier wrote:
Gervase Markham wrote:
Er, given that we have no OCSP and no-one's checking CRLs, I think
losing a root cert which is embedded in 99% of browsers out there would
be an _extremely_ big deal.
But OCSP/CRL can not help in case of *root* cert compromission.
There's nothing above it to sign the validity information.
Can't it revoke itself?
Ah, I was wondering when paradoxes would enter this discussion.
CA self revocation: Everything I say is a lie.
"I think not" said Descartes, who promptly vanished.
--
Nelson B
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
