a) Provide a place for CRL or OCSP b) Provide a reponse of "I don't know you - go away" for unauthenticated requests. c) The relying party should then not automatically trust the certificate since there is no assurance that the certificate is still valid. - - - - - - - - - - - - - Mack Hicks (415) 278-7230 -- Interactive Banking Division 425 1st St m/s3671, SF CA 94105 <Mack.Hicks@BankAmerica.com>