S/MIME revocation lists signed by different CA?

Bernd Eckenfels lists at lina.inka.de
Wed Aug 4 22:05:50 CEST 2010

On Wed, Aug 04, 2010 at 10:50:08AM +0200, Werner Koch wrote:
> really useful.  What is the threat model?  Another CA would be able to
> revoke a certificate - Is that actually more harmful than this other CRL
> issuing a fake certificate?  I doubt that.

The other problem is, that the CA can issue an empty CRL and effectively
re-activating already revoked certs. Its as unlikely.


More information about the Gnupg-devel mailing list