Robert Joop wrote:
>
> the current certificate revocation stuff assumes that the user
> - still has the key
Bug #409602
> - uses netscape
> - is willing to turn javascript on
>
> any of these may not be given.
>
> what about the "PIN" that the user had to enter when they applied for
> the certificate?
> its only purpose is to authenticate the certificate owner in the case of
> revocation, right?
>
> apart from its disadvantage that the user may have forgotten their
> password, using it has the advantage that none of the above three
> conditions must be met.
>
> so, it looks like the best solution is to implement both ways?
> (but i think the PIN based way is more important than the signature
> based way, because that's what works if e.g. the key got stolen.)
The solution for the known bug #409602 will be implemented in exactly this
way. I plan a second solution where the RA Operator itself does the
initial revocation request. This works like a helpdesk.
Regards Michael
-----------------------------------------------------------------------
Michael Bell E-Mail: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Tel.: +49+(0)30-2093-2482
Humboldt-University of Berlin Fax.: +49+(0)30-2093-2959
Unter den Linden 6
10099 Berlin
Germany
Cryptographic signature with S/MIME