On 31/1/09 03:56, Kyle Hamilton wrote:
The PKIX standard can deal with problems of this extent.
If an implementation of the standard cannot, then the implementation
is nonconforming, and cannot be expected to interoperate.
Do you mean, an implementation should be able to deal with a CRL of any
size?
I thought the whole OCSP thing was about the realisation that CRLs were
basically impractical out in userland? Don't get me wrong, I'm not
trying to start an argument here, but it seems pretty tough to blame an
application for not being able to cope for something we've already moved
on from.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
