[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Rethink CRLs
>
> developing a PKI for employees needs a requirement to revocate (transfer,
> leave of absence, terminated etc.). short validity periods may work
> but is an admin nightmare. CRLs may work - but how/does it scale?
This was my initial reaction also. However, as I have noted in recent
messages, I believe we have a lot of the short expiry problems tamed,
if not entirely vanquished. Section 6.1 of the draft supports automating
the revalidation of an expired certificate. I believe it can be shown
that this automation can be done without compromising security.
Brian Thomas - Distributed Systems Architect bt0008@entropy.sbc.com
Southwestern Bell bthomas@primary.net
One Bell Center, Room 23Q1 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 331 2755