> opening your window and shouting "Certificate 1234 from CA xyz is now revoked"
You do have a way with analogies.
> Does anyone know of any generally-available (non-special-case, single-vendor,
> customised, etc etc) application which will handle one of these cross-CRLs?
I believe Entrust does this. Baltimore used to kind-of do it; they had a
separate CRL-signing key, but the DN's were the same. I'm fairly sure that
both the CertCo and Valicert OCSP responders allowed you to specify an
alternate CRL-signing cert as a result. :)
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
