[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CRLs versus short Validity periods
At 19:15 2/29/96, Bill Sommerfeld wrote:
>With short-lived certificates (possibly implemented as long-lived
>certificates which need to be "countersigned" periodically by an
>on-line CA), much more of the revocation infrastructure will be
>exercised on a regular basis, leading to a more robust system as a
>whole.
I think you ought to spell out the option of countersigning a long-lived
cert. To me, this is a cert whose attribute is "alive" only if combined
with a short-lived cert. That short-lived cert is then a positive
equivalent to the negative CRL. [presence of short-lived cert
== absense of short-lived CR]
Is this what you mean?
It should be logically equivalent, but I'd like to think more about the
details -- add it to my performance comparison.
=- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+
Follow-Ups: