/openssl prepared to support partitioned
CRLs like the way described? In particular, if CRLs are cached,
mod_ssl must be able to merge several different partitions according
to the CDP to create a unified view over the revocation universe of a
CA.
Regards,
Nuno Ponte
Nuno Ponte a écrit :
Hi,
We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.
On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have
Hi Gilles,
Thanks for your reply! :-)
The CA also offers OCSP, which is obviously the preferred way to
validate certificate status. I am just trying to make sure that there
is support from the applications world to such a CRL partitioning
scheme. Wide interoperability is a key goal.