by ghostpepper
1701 days ago
I'm a bit confused by this also. My understanding was that each node in a certificate tree/list consists of a key pair (public/private), and the entity metadata which needs to be verified. E.g. the root CA has a private key that it uses to sign CAs, and those CAs have their own private key that is used to sign individual leaf node certificates. Meanwhile, revocations are distributed as a separate CRL - certificate revocation list - which contains a list of certificates whose signees are no longer to be trusted. I'm not very clear on how this process works, but in any case I don't think keys can be revoked.