On 09/02/12 13:10, Gervase Markham wrote:
> On 09/02/12 12:54, Rob Stradling wrote:
>> We've calculated that there are currently ~53,000 revoked Server
>> Authentication certs that were issued by Comodo's CA systems, each with
>> a serial number of 16 bytes (+ a leading zero byte if required to ensure
>> it's not treated as a negative number). That adds up to well over 800KB.
>> And obviously we're not the only CA!
>
> Which is why he's obviously not going to transmit the information as a
> list of serial numbers :-)

Actually, he is.

> He's probably planning something vaguely like this:
> http://en.wikipedia.org/wiki/Bloom_filter

I know Adam was looking at Bloom filters and related techniques last year [1], but I understand that he abandoned those approaches. I'm not sure why.

The current CRLSet format is described in the Chromium source code [2]
(search for "CRLSet format").

Also, he's published a tool for downloading and parsing CRLSets [3].

[1] http://www.imperialviolet.org/2011/04/29/filters.html

[2] http://src.chromium.org/viewvc/chrome/trunk/src/net/base/crl_set.cc?revision=97640&view=markup

[3] https://github.com/agl/crlset-tools

> Gerv

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
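
The size trade-off discussed in this thread, as an added example that is not part of the original messages and is not CRLSet or Chromium code: it compares a plain list of ~53,000 16-byte serials with a textbook Bloom filter over the same set. The 0.1% target false-positive rate, the constructed serials and all function names are assumptions made for illustration.

```python
import hashlib
import math

N_REVOKED = 53_000   # revoked-cert count quoted in the thread
SERIAL_LEN = 16      # bytes per serial, as quoted in the thread

def serial(tag, i):
    """Constructed 16-byte serial (deterministic, not real CA data)."""
    return hashlib.sha256(tag + i.to_bytes(4, "big")).digest()[:SERIAL_LEN]

def bloom_params(n, fp_rate):
    """Standard sizing: m = -n ln(p) / (ln 2)^2 bits, k = (m/n) ln 2 hashes."""
    m = math.ceil(-n * math.log(fp_rate) / (math.log(2) ** 2))
    return m, max(1, round(m / n * math.log(2)))

class BloomFilter:
    def __init__(self, n, fp_rate):
        self.m, self.k = bloom_params(n, fp_rate)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit indexes from a single SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def compare(fp_rate=0.001, probes=20_000):
    revoked = [serial(b"revoked", i) for i in range(N_REVOKED)]
    bf = BloomFilter(N_REVOKED, fp_rate)
    for s in revoked:
        bf.add(s)
    missed = sum(s not in bf for s in revoked)  # a Bloom filter has no false negatives
    false_pos = sum(serial(b"valid", i) in bf for i in range(probes))
    return {"list_bytes": N_REVOKED * SERIAL_LEN,  # optional leading zero byte ignored
            "bloom_bytes": len(bf.bits),
            "missed": missed,
            "observed_fp": false_pos / probes}

if __name__ == "__main__":
    print(compare())
```

The filter is several times smaller than the list, but every hit on a serial that was never revoked is a valid certificate the client would reject unless the hit is confirmed against an authoritative source.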
