[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLs versus short Validity periods

At 11:27 2/29/96, Graham Finlayson wrote:

>However, there are applications for which the CRLs result in a
>performance advantage.
>e.g. I am Sears. I accept MasterCard short-life certificates and can
>renew these certificates for the owner. I deal with a large number of
>certificate validations (and hence renewals in a day) . If I have to go to the
>issuer (MasterCard) to renew each certificate for a fraction of these
>people, this
>results in a lot of network traffic compared to MasterCard
>distributing the CRL, or better still a CRL update, every two days.

I'm intrigued.  Are you saying that Sears is, in effect, issuing its
own certificates for MasterCard?  If you're counting on CRLs, I have to assume
that the MC certs are long-life [e.g., 1 year] -- but you referred to
short-life certs.

Can you describe this operation in more detail?

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |