[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate Cancellation Notices (CCN)
At 03:11 PM 4/5/97 -0500, Steven Bellovin wrote:
>The point of CRLs is to avoid the need for online services. It's not so
>much the replication of the database that concerns me; rather, it's the
>requirement that all possible acceptors of certificates be online to do
>any processing whatsoever.
We already have an even simpler mechanism for processing certificates
offline -- certificates with no online tests and no CRLs -- just their
own validity intervals.
Offline CRLs don't magically make offline certs suddenly any more precise
than certs alone whose dates are the intersection of the cert plus CRL.
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups:
References: