For codesigning CRLs VeriSign is currently taking the hit and keep
advising revoked certificates are revoked long after they expire
because of limitations in software clients which will hopefully
someday be upgraded with respect to revocation checking. This is very
expensive for us
?? Your publicly available codesigning crl here http://crl.verisign.com/ are all very small compared with the server certificate crl, even with the old cert.
If all your users were switching to OCSP, the required bandwidth would be more expensive I think.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
