North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PKI operators anyone?
On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said: > In the event a certificate is compromised Certificate Revokation Lists > (CRL) lifetimes, not the certificate's lifetime, determines how big the > exposure window for a compromised certificate. > > If you re-issue (and check) CRL's daily for 10 year certificates, your > exposure is a day, not 10 years. Stupid question - what percent of deployed software actually does CRLs correctly? Attachment:
pgp00002.pgp
|