by cratermoon 1075 days ago
Right. SSL certification revocation lists have been called "broken in practice". In perfect practice, any time you want to use a cert you have to check the CRL, which means you have to pull the whole CRL or have it on a short enough refresh to satisfy your risk profile. If the attempt to access the CRL fails, then what? Do you trust the cert or not? https://en.wikipedia.org/wiki/Certificate_revocation_list#Pr...
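The soft-fail versus hard-fail question raised in the comment above, as an added example that is not part of the original thread: a simplified model of a client that caches a CRL, refreshes it on a risk-profile interval, and has to decide what to do when the fetch fails. It does no DER parsing, and `Crl`, `RevocationChecker`, `CrlUnavailable` and `fetch_down` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

class CrlUnavailable(Exception):
    """Fetch failed or the distribution point served an expired list."""

@dataclass(frozen=True)
class Crl:
    # Constructed stand-in for a parsed CRL: only the fields the policy needs.
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

class RevocationChecker:
    def __init__(self, fetch, max_age, hard_fail):
        self.fetch = fetch          # callable returning a Crl or raising CrlUnavailable
        self.max_age = max_age      # refresh interval chosen from the risk profile
        self.hard_fail = hard_fail  # True: no usable CRL means no trust
        self.cached = None

    def _fresh(self, crl, now):
        return now < crl.next_update and now - crl.this_update <= self.max_age

    def check(self, serial, now):
        """Return (trusted, reason) for one certificate serial number."""
        if self.cached is None or not self._fresh(self.cached, now):
            try:
                crl = self.fetch()
                if not self._fresh(crl, now):
                    raise CrlUnavailable("fetched CRL is stale")
                self.cached = crl
            except CrlUnavailable as exc:
                # Assumption: no certificateHold entries, so a serial listed in
                # an old CRL is still revoked even though the list is stale.
                if self.cached and serial in self.cached.revoked_serials:
                    return False, "revoked (stale CRL)"
                if self.hard_fail:
                    return False, f"hard-fail: {exc}"
                return True, f"soft-fail: {exc}"
        if serial in self.cached.revoked_serials:
            return False, "revoked"
        return True, "not revoked"

def fetch_down():
    # Simulates an unreachable or blocked CRL distribution point.
    raise CrlUnavailable("fetch timed out")

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, tzinfo=timezone.utc)  # constructed sample time
    for hard in (False, True):
        checker = RevocationChecker(fetch_down, timedelta(hours=6), hard)
        print(hard, checker.check(0x2002, now))
```

Soft-fail keeps connections working through a CRL outage, but an unreachable list then silently disables the check; hard-fail turns the same outage into a denial of service.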