On Sat, Jul 31, 2010 at 12:32:39PM -0400, Perry E. Metzger wrote:

> 1 If you can do an online check for the validity of a key, there is no
>   need for a long-lived signed certificate, since you could simply ask
>   a database in real time whether the holder of the key is authorized
>   to perform some action. The signed certificate is completely
>   superfluous.
>   If you can't do an online check, you have no practical form of
>   revocation, so a long-lived signed certificate is unacceptable
>   anyway.

But, if you query an online database, how do you authenticate its answer? If
you use a key for that or SSL certificate, I see a chicken-and-egg problem.

Met vriendelijke groet / with kind regards,
      Guus Sliepen <g...@sliepen.org>

Attachment: signature.asc
Description: Digital signature

Reply via email to