5 Sep
2007
5 Sep
'07
1:34 p.m.
On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:
In the event a certificate is compromised Certificate Revokation Lists (CRL) lifetimes, not the certificate's lifetime, determines how big the exposure window for a compromised certificate.
If you re-issue (and check) CRL's daily for 10 year certificates, your exposure is a day, not 10 years.
Stupid question - what percent of deployed software actually does CRLs correctly?