S/MIME revocation lists signed by different CA?
Bernd Eckenfels
lists at lina.inka.de
Wed Aug 4 22:05:50 CEST 2010
On Wed, Aug 04, 2010 at 10:50:08AM +0200, Werner Koch wrote:
> really useful. What is the threat model? Another CA would be able to
> revoke a certificate - Is that actually more harmful than this other CRL
> issuing a fake certificate? I doubt that.
The other problem is, that the CA can issue an empty CRL and effectively
re-activating already revoked certs. Its as unlikely.
Gruss
Bernd
More information about the Gnupg-devel
mailing list