… and for the status of CA certificates, server
certificates, or any other class of subjects for which the revocation rate is very
low. CRLs are an attractive approach when the only information to be
transmitted is akin to “yes, the stars are still shining in the heavens”
and only the occasional supernova needs to be individually enumerated.

From: owner-ietf-pkix@xxxxxxxxxxxx
[mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Hallam-Baker, Phillip

On the CRL thing, yes people will continue to use CRLs. In particular for
describing the status of OCSP responder certs. But if folk come along and say
reduce two mechanisms to one, OCSP is going to be the one left in virtually all
application level applications.