CRL
Certificate Revocation List (CRL)
Essentially, a Cetificate Revocation List is a master reference list of all credentials that have been issued, with information about which ones are currently canceled (or revoked). This master list must be published frequently (daily, weekly) by a Certificate Authority along with proof of authenticity (seal, digital signature, etc.) and a copy must be given to every relying party.
List-based validation can be performed extremely quickly by a relying party without needing to talk to a separate authority with every transaction (offline validation). Unfortunately, these master lists can become extremely large and unwieldy for many applications, and it is frequently not practical to transfer a new list to every potential relying party every day.
Advantages/Disadvantages
|
|
|
|
|
Suitable Applications
 |
Use of CRLs is an ideal solution for deployment with a small user base, like a company with several thousand employees who use ID cards to access a building, or use smart cards to log onto their computers. |
CoreStreet PKI Products
