On Sep 6, 2013, at 11:51 PM, Marcus D. Leech <mle...@ripnet.com> wrote:

> The other thing that I find to be a "dirty little secret" in PK systems is 
> revocation.  OCSP makes things, in some ways, "better" than CRLs, but I still
>  find them to be a kind of "swept under the rug" problem when people are 
> waxing enthusiastic about PK systems.

Well, there are other saddles, as it were.  SPKI/SDSI both offer a path forward 
without needing a trusted CA...

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to