
Re: CRLs versus short Validity periods



At 19:15 2/29/96, Bill Sommerfeld wrote:

>With short-lived certificates (possibly implemented as long-lived
>certificates which need to be "countersigned" periodically by an
>on-line CA), much more of the revocation infrastructure will be
>exercised on a regular basis, leading to a more robust system as a
>whole.

I think you ought to spell out the option of countersigning a long-lived
cert.  To me, this is a cert whose attribute is "alive" only if combined
with a short-lived cert.  That short-lived cert is then a positive
equivalent to the negative CRL.  [presence of short-lived cert
== absence of short-lived CR]

Is this what you mean?

It should be logically equivalent, but I'd like to think more about the
details -- add it to my performance comparison.

 =- Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+
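
The equivalence discussed in this message, as an added Python example that is not part of the original thread: a relying party reaches the same verdict whether it checks a fresh CRL (negative statement) or a fresh countersignature (positive statement) from the on-line CA. HMAC with a shared key stands in for the CA's public-key signature, and `OnlineCA`, `PERIOD`, the serial numbers and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

CA_KEY = b"constructed-demo-key"  # stand-in: HMAC replaces the CA's signature
PERIOD = 3600                     # assumed lifetime of a CRL or countersignature (s)

def _sign(body):
    return hmac.new(CA_KEY, repr(body).encode(), hashlib.sha256).digest()

class OnlineCA:
    def __init__(self):
        self.revoked = set()

    def issue_crl(self, now):
        """Negative statement: signed list of revoked serials, good for PERIOD."""
        body = (tuple(sorted(self.revoked)), now, now + PERIOD)
        return body, _sign(body)

    def countersign(self, serial, now):
        """Positive statement: short-lived 'alive' cert; withheld once revoked."""
        if serial in self.revoked:
            return None
        body = (serial, now, now + PERIOD)
        return body, _sign(body)

def _fresh(stmt, now):
    """Return the statement body if it is authentic and inside its window."""
    if stmt is None:
        return None
    body, sig = stmt
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    return body if body[-2] <= now < body[-1] else None

def valid_by_crl(serial, crl, now):
    body = _fresh(crl, now)
    # No fresh CRL means the status is unknown, so fail closed.
    return body is not None and serial not in body[0]

def valid_by_countersig(serial, token, now):
    body = _fresh(token, now)
    return body is not None and body[0] == serial

def demo():
    """Long-lived cert 1001 (constructed) is revoked at the second period."""
    ca, serial, verdicts = OnlineCA(), 1001, []
    for now in (0, PERIOD, 2 * PERIOD):
        if now == PERIOD:
            ca.revoked.add(serial)
        verdicts.append((valid_by_crl(serial, ca.issue_crl(now), now),
                         valid_by_countersig(serial, ca.countersign(serial, now), now)))
    return verdicts
```

The two checks agree only when the CRL check fails closed on a missing or stale CRL; a relying party that treats "no CRL available" as "not revoked" breaks the equivalence.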


