On 03/12/2009 04:04 AM, Nelson B Bolyard:
In our organization we use nss to validate CRLs of the Belgian Government.
In a few months it is expected that these CRLs will grow exponentially.
It will be necessary to download many gigabytes of CRLs each day.
So, you see this problem coming in advance. That's good. Maybe someone
should be looking into how this revocation problem can be solved without
gigabytes of CRLs, like OCSP for example.
Or perhaps look into the reasons for the revocations? A gigabyte sized
CRL is about 8,000,000,000 revocations. Doesn't sound reasonable to me.
There aren't that many world citizens, not speaking about certs...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
