There's one very important side-effect of the existence of a large number of compromised certificates accepted by navigator: the upgraded clients must either do CRL processing, or the roots used to sign all possibly compromised keys *must* be rejected by the fixed navigator. Simon