nanog mailing list archives
Re: PKI operators anyone?
From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Sep 2007 13:34:31 -0400
On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:
In the event a certificate is compromised Certificate Revokation Lists (CRL) lifetimes, not the certificate's lifetime, determines how big the exposure window for a compromised certificate. If you re-issue (and check) CRL's daily for 10 year certificates, your exposure is a day, not 10 years.
Stupid question - what percent of deployed software actually does CRLs correctly?
Attachment:
_bin
Description:
Current thread:
- PKI operators anyone? Joe Maimon (Sep 05)
- Re: PKI operators anyone? John Curran (Sep 05)
- Re: PKI operators anyone? Joe Maimon (Sep 05)
- Re: PKI operators anyone? John Curran (Sep 05)
- Re: PKI operators anyone? Sean Donelan (Sep 05)
- Re: PKI operators anyone? John Curran (Sep 05)
- Re: PKI operators anyone? Valdis . Kletnieks (Sep 05)
- Re: PKI operators anyone? Chris Marlatt (Sep 05)
- Re: PKI operators anyone? Sean Donelan (Sep 05)
- Re: PKI operators anyone? Joe Maimon (Sep 05)
- Re: PKI operators anyone? bmanning (Sep 06)
- Re: PKI operators anyone? Joel Jaeggli (Sep 06)
- Re: PKI operators anyone? John Curran (Sep 05)
- Re: PKI operators anyone? Joel Jaeggli (Sep 05)
- RE: PKI operators anyone? Erik Amundson (Sep 06)
- Re: PKI operators anyone? Joe Maimon (Sep 05)
- Re: PKI operators anyone? Steven M. Bellovin (Sep 05)