Re: FWD:Shockwave security hole exposes e-mail (fwd)

Rohit Khare (khare@w3.org)
Thu, 27 Mar 1997 21:00:15 -0500 (EST)


> The only way I can see out of this in a code-signing framework would
> be for Macromedia to get a new certificate *and* somehow securely
> revoke the old one... does Authenticode provide for that?

Of course not, not until the annual certificate expires. There is no online
verification of certs at the current time. That's the price we pay
for offline services. Of course, offline services don't have to be quite
so pessimistic about revocation lists. Netscape is in no better shape with
their proposal AFAIK.

RK