Ben Bucksch wrote:
What about the model I proposed? First cert for a person is either CA-based or self-signed, subsequent certs *must* be authorized and signed by the previous cert or will be treated as attack.
If the key for the first cert was compromised (fell into the wrong hands), and that cert was self-signed, how can you possibly do revocation on it ?
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
