|
Hi Ana,
>Well, you could go for the usage of the Hash and URL CERT. In case of
>CRL, probably OCSP could be more suitable. Or, carefully chosen
>certificate lifetimes could reduce the size of revocation lists. But
>again, what is then the advantage of this approach?
Imho, in CGA, the hosts already
have a pair of public/privat keys. Now that the key pair is
may provide protection for the negotiation messages. I think that it
will let the negotiation more simple. Is is right?
Thank you.
2009-06-11
Dong Zhang
|