ianG <[email protected]> writes: >C.f., revocation is broken. The disablement of OCSP checking has been ... >errrr widely suggested. > >Which leads to a curious puzzler; if it doesn't work for users, who does it >work for? Ah, the cynicism :P
There are a number of revocation vendors who have (or had, a few years ago) a considerable revenue stream built around selling OCSP services. Identrus(t) was one of those. The problem was that some silly CAs were misguided enough to take the whole OCSP theatrical performance public, spoiling it for everyone. Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
