How many wrongs do you need to make a right?

2005-08-17 Thread Peter Gutmann
In the 1950s we had cheque blacklists, which were used in an attempt to manage bad cheques. They didn't work well, and were abandoned as soon as better mechanisms became available. In the 1960s and 70s we had credit card blacklists, which were used in an attempt to manage bad credit cards.

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Ben Laurie
Florian Weimer wrote: Can't you strip the certificates which have expired from the CRL? (I know that with OpenPGP, you can't, but that's a different story.) Yes, you can. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Adam Back
Not to defend PKI, but what about delta-CRLs? Maybe not available at time of the Navy deployment? But certainly meaning that people can download just changes since last update. Steven writes: [alternatives] such as simply publishing the hash of revoked certificates, Well presumably you mean

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Alexander Klimov
On Wed, 17 Aug 2005, Florian Weimer wrote: Can't you strip the certificates which have expired from the CRL? (I know that with OpenPGP, you can't, but that's a different story.) Probably, you want to save the signatures on the old lists, but I don't see why you cannot download only delta of

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Anne Lynn Wheeler
Peter Gutmann wrote: In the 1950s we had cheque blacklists, which were used in an attempt to manage bad cheques. They didn't work well, and were abandoned as soon as better mechanisms became available. In the 1960s and 70s we had credit card blacklists, which were used in an attempt

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Florian Weimer writes: * Steven M. Bellovin: In message [EMAIL PROTECTED], Florian Weimer writes: Can't you strip the certificates which have expired from the CRL? (I know that with OpenPGP, you can't, but that's a different story.) OTOH, I wouldn't be concerned

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Anne Lynn Wheeler
as an aside, PKIs have attempted to move into the no-value market segment. as internet and online have become more and more ubiquitous the original offline market segment for PKI has drastically dwindled ... i.e. a certification authority certifying information and freely distributing that

Re: How many wrongs do you need to make a right?

2005-08-17 Thread Andreas Hasenack
On Wednesday 17 August 2005 07:07, Peter Gutmann wrote: Along the way, the military also has revoked 10 million certificates as personnel and network needs change. That huge certificate revocation list (CRL) - which has bloated to over 50M bytes in file size - is the crux of Don't these