February 5, 2002
Practical Aspects of Modern Cryptography
The Problem with CRLs (2)
• CRL design made it worse
• CRLs can contain retroactive invalidity dates
• A CRL issued today can say a cert was invalid as of last week.
• Checking that something was valid at time t wasn’t sufficient!
• Back-dated CRLs can appear at any time in the future
• If you rely on certs & CRLs you’re screwed because the CA can change the rules out from under you later.
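
Added example (not from the original slides): a small Python model of the back-dating problem, showing a validity check at time t that passes against the CRL available then and fails against a CRL issued later. The CrlEntry, Crl and Acceptance types, the serial numbers and the dates are constructed for illustration; invalidity_date models the retroactive invalidity date the slide describes.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple


@dataclass(frozen=True)
class CrlEntry:
    serial: int
    revocation_date: datetime                   # when the CA recorded the revocation
    invalidity_date: Optional[datetime] = None  # optional back-dated "invalid since"


@dataclass(frozen=True)
class Crl:
    this_update: datetime                       # issue time of this CRL
    entries: Tuple[CrlEntry, ...]


@dataclass(frozen=True)
class Acceptance:
    """A past decision: cert `serial` was trusted for an event at time `at`."""
    serial: int
    at: datetime


def valid_at(serial: int, t: datetime, crl: Crl) -> bool:
    """True if `crl` does not mark the certificate invalid at time t."""
    for e in crl.entries:
        if e.serial == serial:
            # The earlier of the two dates is when the cert stopped being good.
            effective = min(e.revocation_date, e.invalidity_date or e.revocation_date)
            return t < effective
    return True


def overturned(log, new_crl: Crl):
    """Past acceptances that a newly published CRL retroactively invalidates."""
    return [a for a in log if not valid_at(a.serial, a.at, new_crl)]


def day(d: int) -> datetime:
    return datetime(2002, 2, d)


# Constructed sample data: a CRL issued Feb 12 back-dates invalidity to Feb 5.
crl_feb5 = Crl(this_update=day(5), entries=())
crl_feb12 = Crl(this_update=day(12),
                entries=(CrlEntry(4242, revocation_date=day(12), invalidity_date=day(5)),))
log = [Acceptance(4242, day(3)), Acceptance(4242, day(6)), Acceptance(7, day(6))]

if __name__ == "__main__":
    print("Feb 6 check, CRL of Feb 5: ", valid_at(4242, day(6), crl_feb5))
    print("Feb 6 check, CRL of Feb 12:", valid_at(4242, day(6), crl_feb12))
    print("decisions to revisit:", overturned(log, crl_feb12))
```

A relying party that keeps a log of what it accepted and when can rerun overturned() on every new CRL to find the decisions that have been invalidated after the fact.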