[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Light-weight certificate revocation lists ?
> * But if you assume that certificates will be stored in distributed
> repositories and local caches, then there are efficiency benefits to
> using long-term certificates and short-term CRLs.
I'm don't think that this is unambiguously true.
It certainly depends on the value of a number of different parameters..
- transaction rate vs. CRL lifetime vs cert lifetime
- rate of invalidations
- size of CRL's vs size of certificates
- the ratio of distinct principals to distinct CRL issuers
*as seen by verifiers*.
- Bill
References: