Nelson B Bolyard wrote: > It may be reasonable for a CA to assume that the subscriber has taken due > care to generate a good key pair at the time that the certificate signing > request is received, but at such time as the CA has evidence that the key > is compromised (especially public evidence), then there can be no further > true assurances for the binding, and the CA is responsible to act, IMO.
I strongly agree. Especially in this particular case. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
