Re: delta crl support

2009-03-12 Thread dave davesons
Hi, thanks for the clarification. BTW: OCSP is available in Belgium. But we like to have a fallback 2009/3/12 Nelson B Bolyard nel...@bolyard.me dave (Mike) davesons wrote, On 2009-03-11 08:52: In our organization we use nss to validate CRLs of the Belgian Government. In a few months

Re: delta crl support

2009-03-12 Thread dave davesons
Hi again, Does anyone know of any benchmarks regarding the size of CRLs towards performance? Or how many CRLs are supported at most? 2009/3/12 dave davesons dave.daves...@gmail.com Hi, thanks for the clarification. BTW: OCSP is available in Belgium. But we like to have a fallback

Re: delta crl support

2009-03-12 Thread Julien R Pierre - Sun Microsystems
Dave, Yes, I did some benchmarks many years ago when I worked on the CRL cache. I was using a 26 MB CRL, and it was about 1 million revoked certs I believe. The RAM usage is significant, I think you can count on about 4-6x the size of the CRL. A CRL of that size may be OK on today's machines.

RE: delta crl support

2009-03-11 Thread dave davesons
Dear, In our organization we use nss to validate CRLs of the Belgian Government. In a few months it is expected that these CRLs will grow exponentially. It will be necessary to download many gigabytes of CRLs each day. Therefore, delta CRLs seem to become necessary. Is there already any progress

Re: delta crl support

2009-03-11 Thread Nelson B Bolyard
dave (Mike) davesons wrote, On 2009-03-11 08:52: In our organization we use nss to validate CRLs of the Belgian Government. In a few months it is expected that these CRLs will grow exponentially. It will be necessary to download many gigabytes of CRLs each day. So, you see this problem

Re: delta crl support

2009-03-11 Thread Eddy Nigg
On 03/12/2009 04:04 AM, Nelson B Bolyard: In our organization we use nss to validate CRLs of the Belgian Government. In a few months it is expected that these CRLs will grow exponentially. It will be necessary to download many gigabytes of CRLs each day. So, you see this problem coming in

Re: delta crl support

2009-03-11 Thread Eddy Nigg
On 03/12/2009 04:33 AM, Julien R Pierre - Sun Microsystems: No, it isn't. That would be true only if a CRL entry was a single bit. But a CRL entry contains the serial number, revocation date, reason code, and possibly other information. It's also ASN.1 encoded. A CRL entry is rarely less than

delta crl support

2008-12-22 Thread sg4all
Dear all, does the current version of nss already support delta CRLs? I can only find old information about this. Where can I find up-to-date info about such information? Thanks