[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Light-weight certificate revocation lists ?



> * But if you assume that certificates will be stored in distributed
>   repositories and local caches, then there are efficiency benefits to
>   using long-term certificates and short-term CRLs.

I'm don't think that this is unambiguously true.

It certainly depends on the value of a number of different parameters..

	- transaction rate vs. CRL lifetime vs cert lifetime
	- rate of invalidations
	- size of CRL's vs size of certificates
	- the ratio of distinct principals to distinct CRL issuers
	  *as seen by verifiers*.

					- Bill


References: