On 23.02.2012 21:10, Nico Williams wrote:
> Google's solution is to push CRLs directly to the client (well, the client pulls CRL updates, but you get the point): http://www.imperialviolet.org/2012/02/05/crlsets.html

If my understanding is correct that they are pushing only a subset, then there is the risk that important revocations are filtered. Any revocation event might be important.
If a trainee at a CA issues a test cert for www.important.site, then immediately revokes it, who decides whether that should be filtered or not?

Kai

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
