On 03/12/2009 04:33 AM, Julien R Pierre - Sun Microsystems:
No, it isn't. That would be true only if a CRL entry was a single bit. But a CRL entry contains the serial number, revocation date, reason code, and possibly other information. It's also ASN.1 encoded. A CRL entry is rarely less than about 25 bytes. A gigabyte CRL would represent about 40 million revocations.
Argg, yes. I went for 125 bytes per entry but multiplied instead of divided. Small difference :-)
Still 40 millions or even just 12.5 million revocations doesn't sound reasonable to me anywhere. Better not issues certificates in first place...In short I've never heard of a CLR this size.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto