Kyle Hamilton wrote: > RFC3280 has been obsoleted by RFC5280. Aside from that, though... > > ...did the people who created PKIX just not realize that if a non-root > certificate needs the ability to be revoked, a root certificate would > also?
Hi Kyle, Of course it was realised, but what they did is to kick it up to the business layer to solve. All software of this nature needs to be seen in the context of libraries, applications, humans, and businesses, etc, and any one thing can be solved at multiple places and sometimes by a combination of the components working together. The other thing to realise is that the committees are generally driven by business interests. So, if they kicked this issue upstairs to the business layer, then we can be pretty sure that this was a preferred and acceptable choice for the businesses. E.g., that is how it is wanted. Import of which is that each business has to sort it out, and make sure they have a solution in place. That's where we are today, getting a solution in place for Mozo. iang
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto