FYI, Adam Langley told me "The hope is that everything is <100KB".
I asked him if I could share that figure here and he just replied "No
problem. It's not a strict limit that we set and we'll have to see
how well we do".
We've calculated that there are currently ~53,000 revoked Server
Authentication certs that were issued by Comodo's CA systems, each with
a serial number of 16 bytes (+ a leading zero byte if required to ensure
it's not treated as a negative number). That adds up to well over
800KB. And obviously we're not the only CA!
On 08/02/12 22:18, Nelson B Bolyard wrote:
On 2012/02/08 12:57 PDT, Kai Engert wrote:
My criticism:
[snip]
Won't the set of CRLs be too big for download?
[snip]
This is my question as well.
Will they really include the CRLs from all of mozilla's trusted CAs?
Won't the union of all those CRLs be huge, even if they strip off certain
reason codes?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
