On 18/05/2020 07:14, Werner Koch via Gnupg-users wrote: > Go readup on the failures and impracticalities of CRLs and OCSP.
While I agree that revocation is a Very Hard Problem, I'm not convinced that its abandonment is warranted. Letsencrypt have sidestepped the issue by issuing short-expiration certs and requiring users to continually refresh. This is practical for servers under X509 (where automation is easy and the trust model is centralised) but not for hyper-distributed PGP. So while revocation cannot be entirely relied upon, it's still better than nothing and I think we should continue to support it as best we can. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
