[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CRLs versus short Validity periods

At 19:15 2/29/96, Bill Sommerfeld wrote:

>With short-lived certificates (possibly implemented as long-lived
>certificates which need to be "countersigned" periodically by an
>on-line CA), much more of the revocation infrastructure will be
>exercised on a regular basis, leading to a more robust system as a

I think you ought to spell out the option of countersigning a long-lived
cert.  To me, this is a cert whose attribute is "alive" only if combined
with a short-lived cert.  That short-lived cert is then a positive
equivalent to the negative CRL.  [presence of short-lived cert
== absense of short-lived CR]

Is this what you mean?

It should be logically equivalent, but I'd like to think more about the
details -- add it to my performance comparison.

 =- Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |