I would like to get further information as to why you don't think revocation does not work? I'll admit that in the case of the revocation of Sun's certificates, it was very apparent that the notification process was weak. The other piece, the browser checking of expired/revoked certificates is non-existent but if you properly set up your application, it "should" check the revocation status of both the CA certificate and the subscriber's certificate. Your thoughts? Bram Cohen wrote:
On Wed, 22 Nov 2000 Lynn.Wheeler@firstdata.com wrote:
the other scenerio that some certification agencies have expressed (i.e. licensing bureaus, bbb, consumer report, etc operations) is that in the online world ... that they would provide an online service .... rather than certificates designed for an offline world.
Yes, it seems fairly well established that revocations just plain don't work.
Once again, the solution to the problems of offline operation appears to be online operation.
-Bram Cohen
For help on using this list (especially unsubscribing), send a message to "dcsb-request@reservoir.com" with one line of text: "help".