Basic HTML version of Foils prepared August 4 1997

Foil 58 VeriSign's Description of Certificate Revocation II

From Remarks on Java and Internet Security Web Certificate CPS616 Enhancement -- Summer 1997 . by Geoffrey C. Fox
1 When verifying a signature, you can check the relevant CRL to make sure the signer's key has not been revoked if the signed document is important enough to justify the time it takes to perform this check.
2 Certification Authorities (CAs) maintained CRLs and provide information about revoked keys originally certified by the CA.
  • CRLs only list current keys, since expired keys should not be accepted in any case; when a revoked key is past its original expiration date it is removed from the CRL.
  • Although CRLs are maintained in a distributed manner, there may be central repositories for CRLs, that is, sites on networks containing the latest CRLs from many organizations.
  • An institution like a bank might want an in-house CRL repository to make CRL searches feasible on every transaction.
in Table To:

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Wed Apr 1 1998