Jean-Marc Desperrier wrote:
> Well, CRL can also be made to scale properly to handle a large number of
> revocations, but this requires a few operational changes.

...which presumably have to be made before you issue the certs?

> The alternative in order to avoid changing the CA constantly would be
> CRL splitting, changing the CRL distribution points, and setting the
> critical Issuing Distribution Point in the CRL with a URL that matches
> the CRL DP. But this is not supported by all implementations, and
> especially maybe only by Fx 3 and not Fx 2.

Fx 3 does not, as far as I know, support CRL DPs.

Gerv

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
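
The matching rule discussed in this thread, as an added example that is not part of the original message: a small model of the RFC 5280 scope check between a certificate's CRL DP and a partitioned CRL's Issuing Distribution Point, showing why the IDP has to be critical. The class names, the function and the example.test URLs are constructed for illustration and do not describe any particular client.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:
    serial: int
    crl_dp_urls: list  # URIs from the certificate's CRL Distribution Points

@dataclass
class Crl:
    revoked: set                                   # revoked serial numbers
    idp_urls: list = field(default_factory=list)   # IDP fullName URIs; empty = no IDP
    idp_critical: bool = False

def check_revocation(cert, crl, client_understands_idp=True):
    """Return 'revoked', 'good', or 'unknown' (CRL not usable for this cert)."""
    if crl.idp_urls:
        if not client_understands_idp:
            # A CRL with an unprocessed critical extension must not be used.
            # A non-critical IDP is silently ignored, so the client treats
            # one partition as if it were the complete CRL.
            if crl.idp_critical:
                return "unknown"
        elif not set(crl.idp_urls) & set(cert.crl_dp_urls):
            # IDP names no URI from the cert's CRL DP: wrong partition.
            return "unknown"
    return "revoked" if cert.serial in crl.revoked else "good"

# Constructed sample data: one CA, CRL split into two partitions.
P1 = "http://crl.example.test/part1.crl"
P2 = "http://crl.example.test/part2.crl"
CERT = Cert(serial=0x2002, crl_dp_urls=[P2])
PART1 = Crl(revoked={0x1001}, idp_urls=[P1], idp_critical=True)
PART2 = Crl(revoked={0x2002}, idp_urls=[P2], idp_critical=True)
PART1_NONCRITICAL = Crl(revoked={0x1001}, idp_urls=[P1], idp_critical=False)

if __name__ == "__main__":
    print(check_revocation(CERT, PART2))            # correct partition
    print(check_revocation(CERT, PART1))            # wrong partition, rejected
    print(check_revocation(CERT, PART1, False))     # legacy client, critical IDP
    print(check_revocation(CERT, PART1_NONCRITICAL, False))  # legacy, non-critical
```

The last case returns "good" for a certificate that is revoked in the other partition, which is the failure the critical flag prevents.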