[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rethink CRLs

To: spki@c2.org, moline@gumby.dsd.TRW.COM
Subject: Re: Rethink CRLs
From: "Brian M. Thomas" <bt0008@entropy.sbc.com>
Date: Thu, 8 Aug 1996 14:16:36 -0500 (CDT)
Sender: owner-spki@c2.org

> 
> developing a PKI for employees needs a requirement to revocate (transfer,
> leave of absence, terminated etc.). short validity periods may work
> but is an admin nightmare. CRLs may work - but how/does it scale?

This was my initial reaction also.  However, as I have noted in recent
messages, I believe we have a lot of the short expiry problems tamed,
if not entirely vanquished.  Section 6.1 of the draft supports automating
the revalidation of an expired certificate.  I believe it can be shown
that this automation can be done without compromising security.


Brian Thomas - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                             bthomas@primary.net
One Bell Center,  Room 23Q1                   Tel: 314 235 3141
St. Louis, MO 63101                           Fax: 314 331 2755

Prev by Date: CRL versys short-expiry
Next by Date: Re: CRL format revision -Reply -Reply
Prev by thread: Re: Rethink CRLs
Next by thread: Re: Rethink CRLs
Index(es):
- Main
- Thread