PKI operators anyone?

Valdis.Kletnieks at vt.edu
Wed Sep 5 17:34:31 UTC 2007


On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:

> In the event a certificate is compromised, Certificate Revocation List
> (CRL) lifetimes, not the certificate's lifetime, determine how big the
> exposure window for a compromised certificate is.
> 
> If you re-issue (and check) CRLs daily for 10 year certificates, your 
> exposure is a day, not 10 years.

Stupid question - what percent of deployed software actually does CRLs
correctly?
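
The one-day exposure window in the quoted text holds only if the relying party rejects a CRL it cannot verify or that is past its nextUpdate. An added example, not part of the original thread: a Go check that does both and fails closed. The issuer, the serial numbers and the `demoCRL` helper are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkRevocation fails closed: an unverifiable or stale CRL is an error, never "not revoked".
func checkRevocation(crlDER []byte, issuer *x509.Certificate, serial *big.Int, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL not current (nextUpdate %s)", crl.NextUpdate)
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// demoCRL builds constructed test data: an in-memory issuer and a one-day CRL revoking serial 42.
func demoCRL(issued time.Time) ([]byte, *x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Constructed CA"}, SubjectKeyId: []byte{1, 2, 3, 4},
		KeyUsage: x509.KeyUsageCRLSign, PublicKeyAlgorithm: x509.Ed25519, PublicKey: pub}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: issued, NextUpdate: issued.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(42), RevocationTime: issued}}}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca, key)
	return der, ca, err
}

func main() {
	der, ca, _ := demoCRL(time.Now())
	fmt.Println(checkRevocation(der, ca, big.NewInt(42), time.Now().Add(48*time.Hour)))
}
```

A real relying party would load the issuer from its trust store rather than build it in memory, and would treat the returned error as a reason to refuse the connection.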