Florian Weimer wrote:
Can't you strip the certificates which have expired from the CRL? (I know that with OpenPGP, you can't, but that's a different story.)
Yes, you can. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
