Publishing Revocation Lists
A CRL is generated and published periodically, often at a defined interval. A CRL can also be published immediately after a certificate has been revoked. The CRL is always issued by the CA which issues the corresponding certificates. All CRLs have a lifetime during which they are valid; this timeframe is often 24 hours or less. During a CRL's validity period, it may be consulted by a PKI-enabled application to verify a certificate prior to use.
To prevent spoofing or denial-of-service attacks, CRLs usually carry a digital signature associated with the CA by which they are published. To validate a specific CRL prior to relying on it, the certificate of its corresponding CA is needed, which can usually be found in a public directory (e.g. preinstalled in web browsers).
The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.