On 09/02/12 12:54, Rob Stradling wrote:
We've calculated that there are currently ~53,000 revoked Server Authentication certs that were issued by Comodo's CA systems, each with a serial number of 16 bytes (+ a leading zero byte if required to ensure it's not treated as a negative number). That adds up to well over 800KB. And obviously we're not the only CA!
Which is why he's obviously not going to transmit the information as a list of serial numbers :-)
He's probably planning something vaguely like this: http://en.wikipedia.org/wiki/Bloom_filter Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto