Re: CRLs versus short Validity periods
In case (b), I send an even smaller message, asking for the whole CRL,
and get back a potentially large message [the CRL]. The CRL as a whole
has to be signed only when it's created or modified -- so this option might
let the Issuer do fewer digital signatures. The Verifier needs to check
signatures on both the certificate and the CRL.
This is hearsay, but I seem to recall reading a report from a pilot
project using X.509.
Their experience was that CRLs in real installations were usually
empty.
As an engineer working on large systems, this scares me. It means
that CRL-handling code in applications will not usually be fully
exercised -- which means it won't be as reliable as the rest of the
system.
As a result, administrators who need to revoke a key will thus risk
destabilizing their infrastructure when they finally create a
non-empty CRL...
With short-lived certificates (possibly implemented as long-lived
certificates which need to be "countersigned" periodically by an
on-line CA), much more of the revocation infrastructure will be
exercised on a regular basis, leading to a more robust system as a
whole.
- Bill
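An added sketch, not part of the message above, of the periodic countersigning scheme it mentions: the verifier runs the same freshness check on every validation, so revocation takes effect through a code path that is exercised constantly. All names, the one-hour window and the HMAC stand-in for the on-line CA's public-key signature are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional, Set

CA_KEY = b"constructed-demo-key"  # stand-in for the on-line CA's signing key
WINDOW = 3600                     # assumed countersignature lifetime, seconds


def countersign(cert: bytes, now: int, revoked: Set[str]) -> Optional[bytes]:
    """On-line CA side: refuse to renew a certificate that has been revoked."""
    if hashlib.sha256(cert).hexdigest() in revoked:
        return None
    issued = now.to_bytes(8, "big")
    tag = hmac.new(CA_KEY, cert + issued, hashlib.sha256).digest()
    return issued + tag


def verify(cert: bytes, token: Optional[bytes], now: int) -> str:
    """Verifier side: identical checks run for every certificate, every time."""
    if token is None or len(token) != 8 + 32:
        return "reject: no countersignature"
    issued, tag = token[:8], token[8:]
    expected = hmac.new(CA_KEY, cert + issued, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "reject: bad countersignature"
    age = now - int.from_bytes(issued, "big")
    if age < 0 or age > WINDOW:
        return "reject: countersignature stale"
    return "accept"


def demo() -> list:
    cert = b"constructed certificate bytes"  # constructed sample input
    revoked: Set[str] = set()
    t0 = 1_000_000
    token = countersign(cert, t0, revoked)
    out = [verify(cert, token, t0 + 10)]           # fresh countersignature
    revoked.add(hashlib.sha256(cert).hexdigest())  # key revoked at the CA
    out.append(verify(cert, token, t0 + 100))      # old token, still in window
    renewed = countersign(cert, t0 + WINDOW, revoked)
    out.append(verify(cert, renewed, t0 + WINDOW + 1))  # CA refused renewal
    out.append(verify(cert, token, t0 + WINDOW + 1))    # old token expired
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The second result shows the trade-off: a revoked certificate keeps validating until its last countersignature ages out, so the window length bounds the exposure.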