We have allowed for the possibility of CRLs in SPKI cert validity fields, but we haven't specified CRL formats. Is there a strong believer in CRLs out there who would like to suggest what the CRL needs to contain? My stab at it: begin: revoke: <ID of cert> <more as needed> validity-period: <int> // seconds end: