Ian Grigg wrote:
Julien Pierre wrote:
Ben,
Ben Bucksch wrote:
What about the model I proposed? First cert for a person is either CA-based or self-signed, subsequent certs *must* be authorized and signed by the previous cert or will be treated as attack.
If the key for the first cert was compromised (fell into the wrong hands), and that cert was self-signed, how can you possibly do revocation on it ?
Why can't a self-signed cert/key revoke itself?
Unless the user lost the private key, *and* it fell into someone else's hands... That would be a nuisance.
That's precisely the case I was concerned about. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
