Ian,
Ian G wrote:
Is there any reason why the message cannot be delivered by the
current channels? CRL, OCSP?
Yes, there is one : the fact that trust anchors are specifically
excluded from CRL and OCSP revocation checking in PKIX standards.
In other words, no PKIX-compliant software,
Kyle,
Kyle Hamilton wrote:
I think we all understand that the basic concept of a root-signed
self-revocation is workable, in principle, at the information level.
There may be substantial implementation questions...
There are those who don't think so, since the operations defined at
the Root
Eddy,
Eddy Nigg wrote:
- software that uses NSS but isn't a product of Mozilla
Those products have to figure out where they pick up NSS.
Various vendors have come up with different solutions.
Both Sun and Red Hat have integrated NSS into the OS, and you can get
the NSS libraries
Well, it turns it it was a dumb but easy fix.
I had exchanged a cert with my friend awhile ago, then
I went through the notary process to add my name to my
cert and that apparently changes my cert. My friend
was using my pre-notary cert.
He was using Mac-email and apparently it did not notice
Julien R Pierre - Sun Microsystems wrote:
How do we revoke Mozilla's root?
By updating mozilla software :)
Certainly not by issuing a CRL. Mozilla doesn't have the keys needed to
issue a CRL to revoke any root. (CRL's must be signed by the issuer, or
by an agent with the appropriate key
5 matches
Mail list logo