nanog mailing list archives

Re: PKI operators anyone?


From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Sep 2007 13:34:31 -0400

On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:

> In the event a certificate is compromised, Certificate Revocation List
> (CRL) lifetimes, not the certificate's lifetime, determine how big the
> exposure window for a compromised certificate is.
>
> If you re-issue (and check) CRLs daily for 10 year certificates, your
> exposure is a day, not 10 years.

Stupid question - what percent of deployed software actually does CRLs
correctly?
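
The exchange above, as a small stdlib-only Python model (an added illustration, not code from either poster): it counts the hours a revoked certificate is still accepted by a relying party that refreshes CRLs when they go stale, and by one that never consults them. The `CA`, `RelyingParty` and `exposure_hours` names, the serial 1001 and the hour values are constructed assumptions; time is counted in whole hours.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CRL:
    this_update: int      # hour the CA issued this list
    next_update: int      # hour after which the list is stale
    revoked: frozenset    # serial numbers listed as revoked

class CA:
    """Toy CA (constructed model): issues a fresh CRL every crl_lifetime hours."""
    def __init__(self, crl_lifetime):
        self.crl_lifetime = crl_lifetime
        self.requests = {}                     # serial -> hour revocation was requested

    def revoke(self, serial, hour):
        self.requests[serial] = hour

    def current_crl(self, now):
        issued = now - now % self.crl_lifetime
        listed = frozenset(s for s, h in self.requests.items() if h <= issued)
        return CRL(issued, issued + self.crl_lifetime, listed)

class RelyingParty:
    def __init__(self, ca, checks_crl=True, fail_open=False):
        self.ca, self.checks_crl, self.fail_open = ca, checks_crl, fail_open
        self.cached = None

    def accepts(self, serial, not_after, now, crl_reachable=True):
        if now >= not_after:
            return False                       # certificate itself has expired
        if not self.checks_crl:
            return True                        # revocation is never consulted
        if self.cached is None or now >= self.cached.next_update:
            if crl_reachable:
                self.cached = self.ca.current_crl(now)   # refresh stale list
            elif not self.fail_open:
                return False                   # no fresh CRL: fail closed
        return self.cached is None or serial not in self.cached.revoked

def exposure_hours(rp, serial, not_after, revoked_at, crl_reachable=True):
    """Hours after the revocation request during which rp still accepts the cert."""
    return sum(rp.accepts(serial, not_after, h, crl_reachable)
               for h in range(revoked_at, not_after))

TEN_YEARS = 10 * 365 * 24                      # certificate lifetime in hours
ca = CA(crl_lifetime=24)                       # daily CRLs, as in the post
ca.revoke(serial=1001, hour=30)                # constructed serial and time
strict = exposure_hours(RelyingParty(ca), 1001, TEN_YEARS, 30)
no_crl = exposure_hours(RelyingParty(ca, checks_crl=False), 1001, TEN_YEARS, 30)
print(strict, no_crl)
```

Passing `crl_reachable=False` shows the third case: a client built with `fail_open=True` keeps accepting the certificate when it cannot fetch a fresh list, while the default fail-closed client rejects it.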
