On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said: > In the event a certificate is compromised Certificate Revokation Lists > (CRL) lifetimes, not the certificate's lifetime, determines how big the > exposure window for a compromised certificate. > > If you re-issue (and check) CRL's daily for 10 year certificates, your > exposure is a day, not 10 years.
Stupid question - what percent of deployed software actually does CRLs correctly?
pgprQBgOE7tgb.pgp
Description: PGP signature
