February 5, 2002
Practical Aspects of Modern Cryptography
47
The Problem with CRLs (4)
nYou can’t revoke a CRL
nOnce you commit to a CRL, it’s a valid state for the entirety of its validity period
nWhat happens if you have to update the CRL while the CRL you just issued is still valid?
nYou can update it, but clients aren’t required to fetch it since the one they have is still valid!
nBottom line: yikes!
nWe need something else