[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A proxy certificate validation question.

To: Nelson B Bolyard <nelson@xxxxxxxxxx>
Subject: Re: A proxy certificate validation question.
From: "Timothy J. Miller" <tmiller@xxxxxxxxx>
Date: Tue, 20 Jan 2009 10:35:38 -0600
Cc: "ietf-pkix@xxxxxxx" <ietf-pkix@xxxxxxx>
In-reply-to: <4971160D.4020801@xxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <4964DEFF.9080000@xxxxxxxxx> <87aba33tpd.fsf@xxxxxxxxxxxxxxxxxxx> <49651DFF.9040809@xxxxxxxx> <> <496537D9.6090802@xxxxxxxx> <2788466ED3E31C418E9ACC5C316615572FFC57@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4966369C.5090404@xxxxxxxxxxxxx> <49672B7E.90801@xxxxxxxxxxx> <2788466ED3E31C418E9ACC5C316615572FFC5F@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <> <2788466ED3E31C418E9ACC5C3166155768B203@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <200901162142.n0GLgvRX010697@xxxxxxxxxxxxxxxxxxxxxxx> <4971160D.4020801@xxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.19 (Windows/20081209)

Nelson B Bolyard wrote:

TLS servers that request client authentication prefer to use CRLs than
OCSP for validating client certs because it's faster and more efficient
to use a CRL downloaded (say) daily than to do an OCSP query for every
connection.

That's all well and good until your CRLs get to a couple of hundredmegabytes.


-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: A proxy certificate validation question.
  - From: Stephen Kent

References:
- A proxy certificate validation question.
  - From: Timothy J. Miller
- Re: A proxy certificate validation question.
  - From: Simon Josefsson
- Re: A proxy certificate validation question.
  - From: Von Welch
- Re: A proxy certificate validation question.
  - From: Stephen Kent
- Re: A proxy certificate validation question.
  - From: Von Welch
- RE: A proxy certificate validation question.
  - From: Hallam-Baker, Phillip
- Re: A proxy certificate validation question.
  - From: Philipp Gühring
- Re: A proxy certificate validation question.
  - From: Johannes Merkle
- RE: A proxy certificate validation question.
  - From: Hallam-Baker, Phillip
- RE: A proxy certificate validation question.
  - From: Stephen Kent
- RE: A proxy certificate validation question.
  - From: Hallam-Baker, Phillip
- RE: A proxy certificate validation question.
  - From: Kemp, David P.
- Re: A proxy certificate validation question.
  - From: Nelson B Bolyard

Prev by Date: Re: A certificate validation question.
Next by Date: Re: A proxy certificate validation question.
Previous by thread: Re: A proxy certificate validation question.
Next by thread: Re: A proxy certificate validation question.
Index(es):
- Date
- Thread