A mighty fortress is our PKI, Part II
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Aug 11 13:02:06 EDT 2010
Thor Lancelot Simon <tls at rek.tjls.com> writes:
>If you want to see a PKI tragedy in the making, have a look at the CRLs used
>by the US DoD.
Only "in the making"?
Actually it's all relative, in Japan the Docomo folks turned off CRLs because
they found that even a relatively modest CRL (not just the DoD monsters)
presented a nice DoS when sent over cellular data links. What happened was
that as the CRLs grew, performance got worse and worse as the phone downloaded
the CRL. It took them quite some time to diagnose that they were being DoS'd
by their own PKI.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list