Re: MITM in the wild

2008-10-21 Thread Nelson B Bolyard
Ian G wrote, On 2008-10-20 22:41: Nelson B Bolyard wrote: It is widely agreed that, since KCM has no central revocation facility, KCM is not central, period. Talking about revocation is a strawman. I should have said central revocation SERVICE. Sadly, it DOES have a central revocation

Re: MITM in the wild

2008-10-21 Thread Eddy Nigg
Ian G: Nelson B Bolyard wrote: It is widely agreed that, since KCM has no central revocation facility, KCM is not central, period. Talking about revocation is a strawman. I think that's the point he is making. What's your point? Sounds to me like most of the last 1000 security bugs.

Re: revocation of roots

2008-10-21 Thread Frank Hecker
Paul Hoffman wrote: If you want to be able to revoke roots, please consider instead getting active in the current work on TAMP (trust anchor management protocol) being discussed in the PKIX WG. Thanks for the suggestion; I presume that

Re: Dealing with third-party subordinates of T-Systems and others

2008-10-21 Thread Ian G
Frank Hecker wrote: [I'm trying to catch up on these threads, my apologies for the delay. I don't have time to respond to every message, unfortunately.] (I understand, I also feel the pressure.) Ian G wrote: If that was true, there would likely be an agreement between Mozilla and Verisign

Re: revocation of roots

2008-10-21 Thread Paul Hoffman
At 2:02 PM + 10/21/08, Frank Hecker wrote: Paul Hoffman wrote: If you want to be able to revoke roots, please consider instead getting active in the current work on TAMP (trust anchor management protocol) being discussed in the PKIX WG. Thanks for the suggestion; I presume that

Re: revocation of roots

2008-10-21 Thread Julien R Pierre - Sun Microsystems
Kyle, Kyle Hamilton wrote: On Mon, Oct 20, 2008 at 5:31 PM, Julien R Pierre - Sun Microsystems [EMAIL PROTECTED] wrote: If the root could revoke itself, in the case of root cert key compromise, i.e. the root cert's private key becoming public, anybody could then sign revocation information for