In the 1950s we had cheque blacklists, which were used in an attempt to manage
bad cheques.
They didn't work well, and were abandoned as soon as better mechanisms
became available.
In the 1960s and 70s we had credit card blacklists, which were used in an
attempt to manage bad credit cards.
Florian Weimer wrote:
Can't you strip the certificates which have expired from the CRL? (I
know that with OpenPGP, you can't, but that's a different story.)
Yes, you can.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far
Not to defend PKI, but what about delta-CRLs?
Maybe not available at time of the Navy deployment? But certainly
meaning that people can download just changes since last update.
Steven writes:
[alternatives] such as simply publishing the hash of revoked
certificates,
Well presumably you mean
On Wed, 17 Aug 2005, Florian Weimer wrote:
Can't you strip the certificates which have expired from the CRL? (I
know that with OpenPGP, you can't, but that's a different story.)
Probably, you want to save the signatures on the old lists,
but I dont see why you can not download only delta of
Peter Gutmann wrote:
In the 1950s we had cheque blacklists, which were used in an attempt to manage
bad cheques.
They didn't work well, and were abandoned as soon as better mechanisms
became available.
In the 1960s and 70s we had credit card blacklists, which were used in an
attempt
In message [EMAIL PROTECTED], Florian Weimer writes:
* Steven M. Bellovin:
In message [EMAIL PROTECTED], Florian Weimer writes:
Can't you strip the certificates which have expired from the CRL? (I
know that with OpenPGP, you can't, but that's a different story.)
OTOH, I wouldn't be concerned
as an aside, PKIs have attempted to moved into the no-value market segment.
as internet and online have become more and more ubiquitous the original
offline market segment for PKI has drastically dwindled ... i.e. a
certification authority certifying information and freely distributing
that
Em Quarta 17 Agosto 2005 07:07, Peter Gutmann escreveu:
Along the way, the military also has revoked 10 million certificates as
personnel and network needs change. That huge certificate revocation list
(CRL) - which has bloated to over 50M bytes in file size - is the crux of
Don't these