Rich Salz wrote:
> An org might consider its CRL private info ("ooh look, Fred must
> have gotten fired")
In private email, I was prompted to explain this better.
The issue is not when ONE cert is revoked, but when a large number, and
you can make guesses about the number range. For example, an Identrus
bank might lose a customer, revoking 100 certificates; a corporation
might shut down a department, revoking a couple-dozen, etc.
Hope this helps (more).
/r$
--
Zolera Systems, http://www.zolera.com
Information Integrity, XML Security
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
