Re: What ASN.1 got right

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 04, 2021 at 04:11:18PM +0100, Dirk-Willem van Gulik wrote:
> As it allows key management, verification, etc without necessarily
> telling world+dog what you are doing (but for the occasional bulk down
> load of some CRLs).

You can dispense with CRLs/OCSP if you use sufficiently short-lived
certificates.

That requires an online CA to certify those short-lived certificates,
but it's online infrastructure that is required only once or twice per
rotation period for any one end entity.

Nico
-- 




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux