Julien Pierre wrote:
> Ian,
>
>> Unless the user lost the private key, *and*
>> it fell into someone else's hands... That
>> would be a nuisance.
>
> That's precisely the case I was concerned about.

Ah, well. In that case, the user would have
to "revoke" via shouting from the rooftops.
Seems like a reasonable compromise. If a user
is concerned about this risk, then I suppose
they could use a CA-signed cert instead. But
for the average p2p email scenario, it would
be simpler just to mail the address book and
say "sorry, it ain't me."
iang
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto