On Wed, 17 Aug 2005, Florian Weimer wrote: > Can't you strip the certificates which have expired from the CRL? (I > know that with OpenPGP, you can't, but that's a different story.)
Probably, you want to save the signatures on the old lists, but I dont see why you can not download only delta of the new revoked certificates each day (e.g., using rsync). > that CRL leaks sensitive information. At least from a privacy point > of view, this is a big, big problem, especially if you include some > indication which allows you to judge the validity of old signatures. Apparently it is just usual serial number: ``the military also has revoked 10 million ... which has bloated to over 50M bytes in file size,'' that is just 5 bytes for each entry. -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]