by dvanduzer
4437 days ago
I'm having a lot of trouble getting past: "Certificates bind a public key and an identity (commonly a DNS name) together."

X.509 certificates bind a public key and a human recognizable string (a "common name") together to create a verifiable digital identity.

Over-simplified, X.509 is about solving the "I'm Spartacus" problem. CRLs solve the "He was Spartacus" problem. I agree with the broad conclusion that CRLs aren't effective for human trust, but they are perfectly reasonable for machine trust.

Why didn't the author mention Kerberos? The default lifetime of a Kerberos ticket is designed around humans: roughly the length of a work shift in front of a computer terminal.

final edit: meta-moderation is hard