[cryptography] How are expired code-signing certs revoked?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Dec 8 17:02:01 EST 2011


"mheyman at gmail.com" <mheyman at gmail.com> writes:

>In a CRL that contains an element that revokes the CRL signing certificate, 
>only that element can be assumed to be correct. All other list elements are 
>suspect.

Uhh, read my original text again.  This is your personal opinion.  Ask a bunch
of PKI people, or look at what real applications do, and you'll get any one of
the three interpretations I described.  The fact that you think this doesn't
mean that anything actually does it.

Peter.



More information about the cryptography mailing list