by MattPalmer1086 1605 days ago
It limits the time in which a certificate compromise can be exploited. Clients cache CRLs.

Without revocation, a compromised cert remains useful to an attacker for the entire validity period of the cert, if they can MITM you.

With revocation, they must MITM you constantly to prevent you from acquiring the revocation list. This substantially adds to the cost and complexity of such an attack, and means that many, if not all, clients will be protected.

So it's not perfect, but ask what the world looks like without it.