Julien R Pierre - Sun Microsystems wrote:
[...]
As for case b, if I understand correctly, you are saying CRLs growing
unbounded is not a problem in a world without CRLs. Right :) ?
The fact is that both CRLs and OCSP have their uses, in different places.
[...]
Also the problem is that if only the CA in a central location can answer
the OCSP response it becomes a single point of failure, so in many case
you need to have several responding entity, or at least several response
location. And need to transmit the revocation information between them.
So again you have a size problem even with OCSP.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
