Ian G wrote: > It's not a paradox, as a self-revocation is a fairly > solid signal that simply can't be rolled back; other > systems seem to get on fine with it without vanishing > into their own paradoxes.
This isn't directly directed to you Ian, but wasn't Frank and others discussing a similar certificate distribution system that MS has implemented to cover this exact situation (and to also include adding new certs to old installs) In this situation MF doesn't need to sign all roots, it simply just needs to push out an update... It works for bugs, why not for certificates? -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security