On 02/10/2012 01:26 PM, From ianG:
So, any routine "compromise" or "replaced" or "not-sure" or NULL issues aren't to be in there. Which gets it down to numbers less than 1000 for the entire industry -- ones where the CA knows there is trouble.
From the point of view of a CA (me) it really doesn't matter - certificates can be either valid, expired or revoked. It's just basic PKI - a revoked certificate is not valid.
Certificates can't be a little bit valid, a little bit not valid, just a little bit revoked, not so strongly revoked, slightly revoked or just a little bit longer valid than the expiration date and so forth.
Or maybe CAs can start to issue certificates that are slightly valid, sometimes valid and sometimes not, introduce revocation-mild for beginners and for heavy users a super-strong revocation with double belts. Which type of revocation are you? Make your choice....
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto