Questions tagged [crl]

A Certificate Revocation List (CRL) is one of two common methods used in a public key infrastructure for maintaining access to servers in a network.

The other, newer method, which has superseded CRL in some cases, is Online Certificate Status Protocol (OCSP).

11 questions
2 votes, 1 answer

Any case that can require encrypting a certificate revocation list before distribution

As far as we know, certificate revocation lists (CRLs) include public information, so they do not have to be encrypted before distribution. Is there a case that can require encrypting it before distribution? A case in which eavesdroppers can capture…
2 votes, 1 answer

CRL number generation sequence: can I use a time stamp?

RFC 5280 states that the CRL number should monotonically increase. I have seen this common practice of incrementing the CRL number by 1, every time a new CRL is generated. But can I use a Unix (epoch based) time stamp as the CRL number, which is…
1 vote, 0 answers

What's the difference between this mentioned list and a certification revocation list?

I've come across this paper in which the authors mentioned that they don't use a revocation certification list (CRL) since it gives rise to significant costs due to storage and inefficient communication. But then in section 4-F (VEHICLE REVOCATION…
Chai Ma
1 vote, 1 answer

certificate revocation list file size

CRL files grow linearly. I wonder, with 10 revoked certificates, what is the storage size of the CRL file, and so on. For every revoked certificate, how much does the size of the CRL increase?
jhdm
1 vote, 1 answer

What does (06) in "CRL Signing (06)" mean?

In "Certificate details -> key usage -> CRL Signing (06)", what does "(06)" in "CRL Signing (06)" mean?
IMène_
1 vote, 1 answer

How is certificate status obtained in browsers?

There are two ways of checking the status of a digital certificate: Offline Authentication (CRL) and Online Authentication (OCSP, SCVP). Several browsers (like Mozilla Firefox) have given up the use of CRL over OCSP. OCSP and SCVP are susceptible to…
Vasu Deo.S
1 vote, 2 answers

How are CRLs implemented?

The source I learn from states: CRL (Certificate Revocation List) is the primary means of checking status of certificates offline. But I can't seem to understand how it is possible for a single device (smartphone, computer etc) to store the…
Vasu Deo.S
1 vote, 1 answer

Secure Design and CRL?

I was at my college security lesson, and the professor said that Certificate Revocation Lists (CRLs) violate some of the Secure Design principles. Secure Design Principles: Fail-Safe Defaults, Economy of Mechanism, Complete Mediation, Open…
1 vote, 1 answer

How to avoid an attack on the Certificate Revocation List by the owner of the private key?

B requests A's certificate and verifies it with the key sent to him/her. An attack exists as follows: A sends a message, cert and cert key to B. A sends a cert revocation request to the CA after confirming the cert and key were successfully…
lihui
1 vote, 1 answer

How to sign a CRL file if I have offline keys?

I am generating a CA for internal use. When generating a CA, the best practice I have observed is to keep the root CA offline and emit an intermediate CA certificate that will in turn emit the end-user certificates. This way, a compromise of the…
gimix
1 vote, 1 answer

I've got my private key compromised. How does CRL work?

How does certificate revocation list (CRL) work? How can I send a request to the CA to add my current private key to the CRL, so no one except me can add my certificate to the CRL? Related: - How can we get CA's public key? - I've got my private key…
evening