David,
David Stutzman wrote:
Jean-Marc Desperrier wrote:
You *obviously* never had to handle this CRL :
http://onsitecrl.certplus.com/DIRECTIONGENERALEDESIMPOTSDIRECTIONGENERALEDESIMPOTSUSAGER/LatestCRL
Java programs just can't take it up. And J2EE is by far the most
popular application server architecture nowadays. 64 bits J2EE with an
enterprise level stability is not a reality today.
I can personally attest to the fact that trying to load a CRL with
~250,000 entries destroys Java using the Sun API. I opened a bug with
Sun on this issue.
I can also tell you that NSS handles CRLs of that size just fine. In
fact I was testing a CRL with 1.2 million entries as far back as 2002
when I implemented the CRL cache in NSS 3.6. It does take a lot of RAM,
but that is generally not that much of an issue for servers, especially
the 64-bit servers we have today.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
