[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CRL versys short-expiry

To: "Brian M. Thomas" <bt0008@entropy.sbc.com>
Subject: CRL versys short-expiry
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 08 Aug 1996 14:25:18 -0400
Cc: spki@c2.org
Sender: owner-spki@c2.org

At 04:50 PM 8/7/96 -0500, Brian M. Thomas wrote:
>Subject: Re: CRL format revision -Reply

>I think that many agree.  Three basic methods are available: CRLs,
>real-time validation, and short expiry

I think there are only 2 -- since I take real-time validation to be a very
short expiry.  We can't have a validity period of 0 -- because there are
issues of communication time and clock skew.  We can't trust a connection to
the issuer not to be delayed by an attacker, so we have to base our
decisions on date and time.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+

Prev by Date: cert/CRL online database versus client ownership
Next by Date: Re: Rethink CRLs
Prev by thread: cert/CRL online database versus client ownership
Next by thread: spec for wire format of SPKI cert
Index(es):
- Main
- Thread