Bugtraq mailing list archives
Re: Verisign certificates problem
From: Michael Reilly <michaelr () CISCO COM>
Date: Mon, 26 Mar 2001 12:10:41 -0800
> I'd have to say though that the CDP field works rather well. I run a rather large set of CAs. When we were just using the monolithic CRL, each client took a long time to do verification of certificates. When we switched to the distribution point extension, verification checking time fell considerably.

Depends on which CA server you are using and on how large the CRL is. We have processed CRLs larger than 8kb in under a second, but it took that CA over 60 seconds to respond to the request to send the CRL. Other vendors' CA servers respond much faster. With a small CA and a fast-responding server it could take longer to verify the signature on the CRL than it takes to actually get the CRL and check the contents.

michael