Ian G <[EMAIL PROTECTED]> writes: >On Friday 20 May 2005 23:47, Jean-Marc Desperrier wrote: >> Gervase Markham wrote: >> > Er, given that we have no OCSP and no-one's checking CRLs, I think >> > losing a root cert which is embedded in 99% of browsers out there would >> > be an _extremely_ big deal. >> >> But OCSP/CRL can not help in case of *root* cert compromission. >> There's nothing above it to sign the validity information.
>Can't it revoke itself? Sure, it just signs a CRL that states that all Cretans are liars, and then the CA root magically vanishes in a puff of un-logic. Peter. _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security