> If a goal is to drive CAs to be more secure, one mechanism would be to make the
> default be to check CRLs, and not include root CAs unless they maintain CRL
> servers with good availability.
I personally use CAcert and they actually have a very good CRL system. Couldn't understand from the previous posts why the bogus certificate wasn't just revoked...
> If a goal is to drive CAs to be more secure, one mechanism would be to make the
> default be to check CRLs, and not include root CAs unless they maintain CRL
> servers with good availability.
I personally use CAcert and they actually have a very good CRL system. Couldn't understand from the previous posts why the bogus certificate wasn't just revoked...