<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
    <title></title>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    <br>
    On 03/30/2011 11:33 PM, From John Bradley:<br>
    <blockquote
      cite="mid:B9929B6C-9230-49BF-9C6B-D3B7920CBF14@ve7jtb.com"
      type="cite">
      <div>However as you say if people don't manage the certificates in
        their root store they are more likely to see this sort of thing.</div>
    </blockquote>
    <br>
    True.<br>
    <br>
    <blockquote
      cite="mid:B9929B6C-9230-49BF-9C6B-D3B7920CBF14@ve7jtb.com"
      type="cite">
      <div>No CA is immune, sometimes customers shoot themselves in the
        foot, generating weak keys etc.</div>
    </blockquote>
    <br>
    The better CAs check for that when possible... but it's also correct
    there is no 100% always. Otherwise there wouldn't be a bunch of bug
    fixes and security updates with any kind of software all the time.<br>
    <br>
    <blockquote
      cite="mid:B9929B6C-9230-49BF-9C6B-D3B7920CBF14@ve7jtb.com"
      type="cite">
      <div>We have to be able to deal with revoked certificates or we
        should not be using TLS security for a key part of openID trust.</div>
    </blockquote>
    <br>
    Revocation status should certainly be checked.<br>
    <br>
    <br>
    <div class="moz-signature">
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td colspan="2">Regards </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <tr>
            <td>Signer: </td>
            <td>Eddy Nigg, COO/CTO</td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
          </tr>
          <tr>
            <td>XMPP: </td>
            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
          </tr>
          <tr>
            <td>Blog: </td>
            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
          </tr>
          <tr>
            <td>Twitter: </td>
            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
        </tbody>
      </table>
    </div>
    <br>
  </body>
</html>