Publishing Revocation Lists
A CRL is generated and published periodically, often at a defined interval. A CRL can also be published immediately after a certificate has been revoked. The CRL is always issued by the CA which issues the corresponding certificates. All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted by a PKI-enabled application to verify a certificate prior to use.
To prevent spoofing or denial-of-service attacks, CRLs usually carry a digital signature from the CA that publishes them. To validate a specific CRL before relying on it, the certificate of its corresponding CA is needed, which can usually be found in a public directory (e.g. preinstalled in web browsers).
The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.
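The two checks described above, the CA's signature and the validity period, shown as an added Go example that is not part of the original page. The names `sampleCRL` and `loadCRL`, the "Example CA" subject and serial 42 are constructed for illustration, and Go 1.21 or later is assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sampleCRL builds a throwaway CA and a CRL it signs, valid from..until (constructed test data).
func sampleCRL(from, until time.Time, serial int64) (ca *x509.Certificate, crl []byte, err error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, NotBefore: from,
		NotAfter: until, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: from, NextUpdate: until,
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(serial), RevocationTime: from}}}
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	if err == nil {
		ca, err = x509.ParseCertificate(der) // parsed form carries the subject key id the CRL needs
	}
	if err == nil {
		crl, err = x509.CreateRevocationList(rand.Reader, rl, ca, key)
	}
	return ca, crl, err
}

// loadCRL returns the list only if the expected CA signed it and now falls inside its validity period.
func loadCRL(crlDER []byte, ca *x509.Certificate, now time.Time) (*x509.RevocationList, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return nil, err
	}
	sigErr := crl.CheckSignatureFrom(ca) // fails for a forged list or one issued by a different CA
	if sigErr != nil || now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return nil, fmt.Errorf("CRL rejected: signature error %v, validity %s to %s", sigErr, crl.ThisUpdate, crl.NextUpdate)
	}
	return crl, nil
}

func main() {
	ca, crl, err := sampleCRL(time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour), 42)
	_, staleErr := loadCRL(crl, ca, time.Now().Add(48*time.Hour))
	fmt.Println(err, staleErr) // the same list consulted two days later is refused
}
```

A caller looks up certificate serial numbers in the returned list's `RevokedCertificateEntries` only after `loadCRL` succeeds.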