[18217] in cryptography@c2.net mail archive

Re: How many wrongs do you need to make a right?

daemon@ATHENA.MIT.EDU (Alexander Klimov)
Wed Aug 17 11:06:14 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 17 Aug 2005 17:03:46 +0300 (IDT)
From: Alexander Klimov <alserkli@inbox.ru>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>,
	cryptography@metzdowd.com
In-Reply-To: <87br3wdal7.fsf@mid.deneb.enyo.de>

On Wed, 17 Aug 2005, Florian Weimer wrote:
> Can't you strip the certificates which have expired from the CRL?  (I
> know that with OpenPGP, you can't, but that's a different story.)

Probably, you want to save the signatures on the old lists,
but I don't see why you cannot download only the delta of the new revoked
certificates each day (e.g., using rsync).

> that CRL leaks sensitive information.  At least from a privacy point
> of view, this is a big, big problem, especially if you include some
> indication which allows you to judge the validity of old signatures.

Apparently it is just the usual serial number: ``the military also has
revoked 10 million ... which has bloated to over 50M bytes in file
size,'' that is just 5 bytes for each entry.

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
