How many wrongs do you need to make a right?
Alexander Klimov
alserkli at inbox.ru
Wed Aug 17 10:03:46 EDT 2005
On Wed, 17 Aug 2005, Florian Weimer wrote:
> Can't you strip the certificates which have expired from the CRL? (I
> know that with OpenPGP, you can't, but that's a different story.)
Probably, you want to save the signatures on the old lists,
but I dont see why you can not download only delta of the new revoked
certificates each day (e.g., using rsync).
> that CRL leaks sensitive information. At least from a privacy point
> of view, this is a big, big problem, especially if you include some
> indication which allows you to judge the validity of old signatures.
Apparently it is just usual serial number: ``the military also has
revoked 10 million ... which has bloated to over 50M bytes in file
size,'' that is just 5 bytes for each entry.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list