Isn’t this a means to effect a denial of service attack?  End users may be 
“smart” enough to click on the message that allows them to connect anyway, but 
there are many application stacks out there that fall apart once the certs that 
control their encrypted connections are revoked…

> On May 15, 2015, at 11:10, Daniel Kahn Gillmor <[email protected]> wrote:
> 
> If I compromise your secret key, the nicest possible thing i can do with
> it is get it revoked.  There is no reason to prevent this action from
> anyone who has access to the secret key.


_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
