A mighty fortress is our PKI, Part II

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Aug 11 13:02:06 EDT 2010


Thor Lancelot Simon <tls at rek.tjls.com> writes:

>If you want to see a PKI tragedy in the making, have a look at the CRLs used
>by the US DoD.

Only "in the making"?

Actually it's all relative, in Japan the Docomo folks turned off CRLs because
they found that even a relatively modest CRL (not just the DoD monsters)
presented a nice DoS when sent over cellular data links.  What happened was
that as the CRLs grew, performance got worse and worse as the phone downloaded
the CRL.  It took them quite some time to diagnose that they were being DoS'd
by their own PKI.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list