[99102] in North American Network Operators' Group


Re: PKI operators anyone?

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Sep 5 13:49:07 2007

To: Sean Donelan <sean@donelan.com>
Cc: John Curran <jcurran@mail.com>,
        North American Networking and Offtopic Gripes List <nanog@nanog.org>
In-Reply-To: Your message of "Wed, 05 Sep 2007 13:22:21 EDT."
             <Pine.GSO.4.64.0709051243110.254@clifden.donelan.com>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 05 Sep 2007 13:34:31 -0400
Errors-To: owner-nanog@merit.edu



On Wed, 05 Sep 2007 13:22:21 EDT, Sean Donelan said:

> In the event a certificate is compromised, Certificate Revocation List
> (CRL) lifetimes, not the certificate's lifetime, determine how big the
> exposure window is for a compromised certificate.
>
> If you re-issue (and check) CRLs daily for 10-year certificates, your
> exposure is a day, not 10 years.

Stupid question - what percent of deployed software actually does CRLs
correctly?

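Added example, not part of either message in this thread: a small simulation of the exposure window discussed above, comparing a relying party that refetches the CRL at nextUpdate with one that never refreshes its cached copy. The CRL model, the function name exposure_hours, the serial number and the timeline are all constructed for illustration, and the CA is assumed to re-issue its CRL only on a fixed schedule.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

T0 = datetime(2007, 9, 5)   # constructed start of the timeline
SERIAL = 0x1001             # constructed serial of the compromised certificate


@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime
    revoked: frozenset


def exposure_hours(crl_lifetime, revoked_after, honors_next_update,
                   cert_remaining=timedelta(days=3650)):
    """Hours after revocation during which the relying party still accepts
    SERIAL, checking once per hour (hypothetical model, not a real API)."""
    revoked_at = T0 + revoked_after

    def ca_crl(now):
        # Latest CRL the CA issued at or before `now`, on its fixed schedule.
        issued = T0 + ((now - T0) // crl_lifetime) * crl_lifetime
        # A serial appears only in CRLs issued at or after the revocation.
        revoked = frozenset({SERIAL}) if issued >= revoked_at else frozenset()
        return CRL(issued, issued + crl_lifetime, revoked)

    cached = ca_crl(T0)          # relying party starts with the first CRL
    now, exposed = revoked_at, 0
    while now < T0 + cert_remaining:
        # A correct client treats a CRL past nextUpdate as stale and refetches.
        if honors_next_update and now >= cached.next_update:
            cached = ca_crl(now)
        if SERIAL in cached.revoked:
            break                # certificate is now rejected
        exposed += 1
        now += timedelta(hours=1)
    return exposed


if __name__ == "__main__":
    hour, day = timedelta(hours=1), timedelta(days=1)
    print("daily CRL, client refreshes:   ", exposure_hours(day, hour, True))
    print("weekly CRL, client refreshes:  ", exposure_hours(7 * day, hour, True))
    print("daily CRL, client never checks:", exposure_hours(day, hour, False))
```

In this model the window is bounded by the CRL lifetime only for the client that honors nextUpdate; the client that never refreshes stays exposed for the certificate's remaining lifetime.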

