Mats Nilsson <[EMAIL PROTECTED]> writes:
>Should a self-signed root certificate ever need to be revoked, shall it list
>itself in its usual CRL(s), as the last thing it does before it is thrown
>away, or is it sufficient (from its users' standpoint) that it simply ceases
>to issue more CRLs?
Noone knows (and I don't just mean that as a shoulder-shrug response, I mean
that noone, at least on the PKIX list, actually knows what's supposed to happen
in this situation). The behaviour from current apps is that some will accept a
self-revocation, some will reject it, and a small number will crash or fail in
some other way.
Peter.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
