the current certificate revocation stuff assumes that the user
- still has the key
- uses netscape
- is willing to turn javascript on

any of these may not be given.

what about the "PIN" that the user had to enter when they applied for
the certificate?
its only purpose is to authenticate the certificate owner in the case of
revocation, right?

apart from its disadvantage that the user may have forgotten their
password, using it has the advantage that none of the above three
conditions must be met.

so, it looks like the best solution is to implement both ways?
(but i think the PIN based way is more important than the signature
based way, because that's what works if e.g. the key got stolen.)

rj

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/openca-devel
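
Added example, not part of the original message and not OpenCA code: a minimal sketch of the PIN-based revocation path discussed above, which needs neither the private key nor any particular browser or JavaScript. All names (CertRecord, enroll, revoke_with_pin), the work factor and the lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor, not taken from OpenCA
MAX_FAILURES = 5         # assumed limit on wrong PINs before manual handling


@dataclass
class CertRecord:
    serial: str
    salt: bytes
    pin_hash: bytes      # only a salted hash of the PIN is stored
    failures: int = 0
    revoked: bool = False


def _derive(pin: str, salt: bytes) -> bytes:
    # Slow, salted derivation so a leaked database does not reveal short PINs cheaply.
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, PBKDF2_ROUNDS)


def enroll(serial: str, pin: str) -> CertRecord:
    """Record the PIN chosen when the certificate was applied for."""
    salt = os.urandom(16)
    return CertRecord(serial, salt, _derive(pin, salt))


def revoke_with_pin(record: CertRecord, pin: str) -> str:
    """Authorize revocation by PIN alone; returns a status string."""
    if record.revoked:
        return "already-revoked"
    if record.failures >= MAX_FAILURES:
        # Too many wrong guesses: stop accepting PINs for this certificate.
        return "locked"
    # Constant-time comparison avoids leaking how much of the hash matched.
    if hmac.compare_digest(_derive(pin, record.salt), record.pin_hash):
        record.revoked = True
        record.failures = 0
        return "revoked"
    record.failures += 1
    return "denied"


if __name__ == "__main__":
    rec = enroll("01", "4711")            # constructed sample serial and PIN
    print(revoke_with_pin(rec, "0000"))   # wrong PIN
    print(revoke_with_pin(rec, "4711"))   # correct PIN, key not needed
```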
