PKI operators anyone?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Sep 5 17:34:31 UTC 2007
On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:
> In the event a certificate is compromised Certificate Revokation Lists
> (CRL) lifetimes, not the certificate's lifetime, determines how big the
> exposure window for a compromised certificate.
>
> If you re-issue (and check) CRL's daily for 10 year certificates, your
> exposure is a day, not 10 years.
Stupid question - what percent of deployed software actually does CRLs
correctly?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070905/ae64e728/attachment.sig>
More information about the NANOG
mailing list