Re: Verisign gets export approval




Lucky Green wrote:
> 
> The cert is typically valid for a year, but is subject to revocation
> at any time by VeriSign upon the USG's request. Such revocation or
> refusal to issue a new cert after the first year of operation will
> leave the webserver operator with a server that is no longer able to
> encrypt communications to their customers in any meaningful way,
> thereby effectively shutting down Internet based operations of the
> company unfortunate enough to invest in such a flawed solution.

I don't know the details of the agreement between VeriSign and the
USG.  I'm curious: how will the CRL for this revocation get distributed?
Since Communicator doesn't automatically pull CRLs, how can any action
on VeriSign's part disable crypto for that server?  Or are you
suggesting that as part of the revocation process, the USG will bust
down their doors and grab all copies of their private keys?

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | [email protected]
transcending structure.  -- The Tao of Programming   |