the other way to look at it ... is why design something that is broken (i.e. offline certificates in an online world) and then turn around it have to patch it up (with various online CRLs) ... unless you are really interested in featuring how broken something is. there use to be a company that sold a lot of copying machines in the '80s ... the product was one of the worst in the industry with regard to paper jamming. they came out with a television ad campaign highlighting how easy it was to fix paper jams in their product (compred to other products ... which of course you hardly ever had to worry about fixing paper jams). misc. refs: http://www.garlic.com/~lynn/rfcietff.htm select terms in the above and then select SPKI ... rfc2692 & rfc2693 in many cases ... the use of (offline paradigm) certificaets are superfulous and redundant in an online environment ... much simpler to just register a public key with the relying party or if you prefer .... appended certificates, compressed to zero bytes ... significantly reducing the problem of revoking information carried in the zero byte certificate. http://www.garlic.com/~lynn/ansiepay.htm#aadsnwi2 http://lists.commerce.net/archives/ansi-epay/199910/msg00006.html in general http://www.garlic.com/~lynn/ random. other http://weever.vic.cmis.csiro.au/~smart/tpki.html Paul Crowley <paul@cluefactory.org.uk> on 11/23/2000 03:15:52 PM