PKI operators anyone?

Valdis.Kletnieks at Valdis.Kletnieks at
Wed Sep 5 17:34:31 UTC 2007

On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:

> In the event a certificate is compromised, Certificate Revocation List
> (CRL) lifetimes, not the certificate's lifetime, determine how big the
> exposure window is for a compromised certificate.
> If you re-issue (and check) CRLs daily for 10 year certificates, your
> exposure is a day, not 10 years.

Stupid question - what percent of deployed software actually does CRLs