nA CA
revokes a certificate by placing the cert on its Certificate Revocation List
(CRL)
nEvery
CA issues CRLs to cancel out issued certs
nA
CRL is like anti-matter – when it comes into contact with a certificate it
lists it cancels out the certificate
nThink
“1970s-style credit-card blacklist”
nRelying
parties are expected to check CRLs before they rely on a certificate
n“The
cert is valid unless you hear something telling you otherwise”