[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Cancellation Notice

I may be missing the point, but if the purpose of a CCN is to tell a
certificate server not to issue a cert, destroy its copy, etc., its
usefulness is limited.  Once the certificate is issued and anyone else
has a copy, it really doesn't matter who doesn't have one, unless the
verifier's protocol doesn't accept certs from the supplicant but only
from a real-time server.  This seems to me to require more stringent
protocols even than CRLs.

I'm sure I am missing the point.  Somebody hit me with a clue.


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162