- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 15 Feb 2014 09:19:46 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>

In the CMP proposal, "Revocation" is mentioned as a requirement. This requirement should be dropped since it only supports edge-cases like a user wanting to revoke a key because he/she believes it has been compromised.

Lost key/token use-case:
------------------------------------
If you have lost a key, it is not possible to revoke it directly; you have to contact the administrator/issuer.

Unsubscribing from a service use-case:
--------------------------------------------------------
You log in and ask to be unsubscribed. What happens then is service-dependent and may or may not involve revocation.

A slight variation of this scheme can also cover for the compromised key use-case.

That is, revocation can without doubt remain a management function.

Anders

Received on Saturday, 15 February 2014 08:20:25 UTC