RE: Huge CRLs

["Phillip M Hallam-Baker" <pbaker@xxxxxxxxxxxx>]

I suggest discussion move to the USENet group alt.crypto.pki.revocation
Perhaps someone could rmgroup it?

I don't see any relevance to any PKIX working group draft.

	Phill

> -----Original Message-----
> From: Bob Jueneman [mailto:BJUENEMAN@novell.com]
> Sent: Thursday, September 16, 1999 11:09 AM
> To: ietf-pkix@imc.org
> Subject: Re: Huge CRLs
>
>
> Because this topic seems to be somewhat removed from the primary
> focus of the cert-talk group, I'd like to suggest that further discussions
> only copy the ietf-pkix list.
>
> Bob
>
> >>> Ed Gerck <egerck@nma.com> 09/15/99 03:13PM >>>
>
>
> Stephen Kent wrote:
>
> > >Further, the major X.509 security application today, SSL, does not
> > >check revocation lists -- so they are near to useless. Also,
> the user is
> > >not able to check server certificates (and certificates in the
> CA chains)
> > >against revocation lists.
> >
> > I think you are confusing SSL, the protocol, vs. implementations of SSL
> > (and https, in browsers.  Browsers have a number of defects in their
> > handling of certs, but it is not accurate to attribute this to SSL.
>
> No, Steve, I am not confusing either or even both ;-) Pls check
> the list archives
> for my exchanges with Ben on this thread, especially those with
> subjects "Re:
> Trust and client choices, was Re: Huge CRLs".  At least, Ben and
> I agreed --
> which I must say does not happen so often ;-)
>
> Cheers,
>
> Ed Gerck
> ______________________________________________________________________
> http://www.mcg.org.br/authors/eg.htm                    egerck@nma.com
>
>