<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 10/19/2012 04:46 AM, From Jeremy Rowley:
<blockquote cite="mid:00aa01cdada4$028c8de0$07a5a9a0$@digicert.com"
type="cite">
<pre wrap="">3) As has been pointed out thoroughly in a variety of forums, including most
notably the revocation working group, that in practice, revocation as
implemented today by Every Major Browser is not a security mechanism.
[JR] This is primarily a result of browsers refusing to use the information
provided, not the CAs providing the information.</pre>
</blockquote>
<br>
I think we should consider this a bit differently - revocation works
to the extend to make a certificate unusable for broad (bad) purpose
and commercially uninteresting.<br>
<br>
It doesn't work for very specific situations where a considerable
effort must be invested and certain control of the networks in
questions is a must. This could be a state actor for example.<br>
<br>
But all the naysayers of revocation mechanisms should carefully
point out when and for which specific situations it doesn't work and
where it does work. I think the claim in this respect is execrated.<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>