On 01/31/2009 06:08 PM, Paul Hoffman:
On 31/1/09 03:56, Kyle Hamilton wrote:
The PKIX standard can deal with problems of this extent.
If an implementation of the standard cannot, then the implementation
is nonconforming, and cannot be expected to interoperate.

Do you mean, an implementation should be able to deal with a CRL of any size?

I don't know whether it is what Kyle meant, but it is certainly what I meant.
If a trust anchor has a CRL that is too large for the implementation to
handle, the implementation MUST remove that trust anchor from its pile.

Seconded, I love clear words. Apparently NSS has no problem with it (I
haven't tested it because it seems ridiculous), therefore this leaves it
an isolated problem for Java.

(However can anybody tell me what the use of this CRL is and if this is
a CRL which potentially would be used in software which relies on CRL
checking and automated fetching of the CRL?)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto