CA:ImprovingRevocation: Difference between revisions

Jump to navigation Jump to search

CA:ImprovingRevocation (view source)

Revision as of 00:21, 5 September 2013

90 bytes removed ,  5 September 2013
→‎Plan for Improving Revocation Checking in Firefox
Line 8: Line 8:


The traditional X.509 CRL and OCSP mechanisms treat all possible reasons for revocation uniformly for all websites. This uniformity leads directly to the scalability problem of revocation checking: relatively unimportant revocations overwhelm the system and completely drown out obviously critical revocations. The key to efficient, scalable processing of revocations in the short term is to realize that there are multiple possible ways for revocation information to be retrieved and that the choice of retrieval method can be made on the basis of the reason for revocation.
The traditional X.509 CRL and OCSP mechanisms treat all possible reasons for revocation uniformly for all websites. This uniformity leads directly to the scalability problem of revocation checking: relatively unimportant revocations overwhelm the system and completely drown out obviously critical revocations. The key to efficient, scalable processing of revocations in the short term is to realize that there are multiple possible ways for revocation information to be retrieved and that the choice of retrieval method can be made on the basis of the reason for revocation.
[[CA:RevocationBackground | Why are Certificates Revoked? Who is Responsible for What?]]


== Problems to Solve ==
== Problems to Solve ==
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/703292"

Navigation menu