Proposed patch for mod_ssl

2008-02-20 Thread Erwann ABALEA
anything, and this CRL covers *all* the certificates (even the one signed by the old key). Discussion and comments are welcome. -- Erwann ABALEA [EMAIL PROTECTED] apache2_2.2.6_crl_renewed_CA.diff.gz Description: Binary data

Re: CRL verification in mod_ssl

2008-10-19 Thread Erwann ABALEA
2008/10/15 Dr Stephen Henson [EMAIL PROTECTED]: Erwann ABALEA wrote: 2008/10/15 Dr Stephen Henson [EMAIL PROTECTED]: Dirk-Willem van Gulik wrote: On Aug 28, 2008, at 9:41 PM, Nicob wrote: [...] This issue does have some security implications. For example a revoked client certificate could

Re: CRL verification in mod_ssl

2008-10-20 Thread Erwann ABALEA
2008/10/20 Erwann ABALEA [EMAIL PROTECTED]: What are the decision criteria to reload a CRL? Expiration of the notAfter date? An application-based period would be better. s/notAfter/nextUpdate/ -- Erwann.

Re: Diffie-Hellman group parameters 1024 bit and Perfect Forward Secrecy

2013-06-28 Thread Erwann ABALEA
It could be done, yes. However, it's slightly less necessary, as right now prime256v1 curve is the default one, and it's a secure one (until Dan Bernstein publishes his paper about NIST curves). On high-volume websites, some may be tempted to switch to prime224v1 if it was possible; it's twice as

[PATCH 49559] Admin-supplied Diffie-Hellman parameters for DHE connections

2010-08-09 Thread Erwann ABALEA
Hello, I wrote and posted this patch several weeks ago, this is just a message to eventually open a discussion for its approval or rejection. -- Erwann ABALEA erwann.aba...@keynectis.com Département RD KEYNECTIS

Re: SSL related DoS

2011-04-16 Thread Erwann ABALEA
2011/4/16 Chris Hill chris.hill...@gmail.com: [...] SSL handshakes take more processing power in the server side than on the client side (some commented in the order of 15x more). This is great news for attackers who want to take down a site and the work has already been done for them through