Rich Salz wrote:
> An org might consider its CRL private info ("ooh look, Fred must
> have gotten fired")

In private email, I was prompted to explain this better. The issue is not when ONE cert is revoked, but when a large number, and you can make guesses about the number range. For example, an Identrus bank might lose a customer, revoking 100 certificates; a corporation might shut down a department, revoking a couple-dozen, etc.

Hope this helps (more).
	/r$

--
Zolera Systems, http://www.zolera.com
Information Integrity, XML Security
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]