Hi,
thanks for the clarification. BTW: OCSP is available in belgium. But we like
to have a fallback
2009/3/12 Nelson B Bolyard nel...@bolyard.me
dave (Mike) davesons wrote, On 2009-03-11 08:52:
In our organization we use nss to validate CRLs of the Belgian
Government.
In a few months
Hi again,
Does anyone know of any benchmarks regarding the size of CRLs towards
performance? Or how much CRLs are supported at most?
2009/3/12 dave davesons dave.daves...@gmail.com
Hi,
thanks for the clarification. BTW: OCSP is available in belgium. But we
like to have a fallback
Dave,
Yes, I did some benchmarks many years ago when I worked on the CRL cache.
I was using a 26 MB CRL, and it was about 1 million revoked certs I believe.
The RAM usage is significant, I think you can count on about 4-6x the
size of the CRL. A CRL of that size may be OK on today's machines.
Dear,
In our organization we use nss to validate CRLs of the Belgian Government.
In a few months it is expected that these CRLs will grow exponentially. It
will be necessary to download many gigabytes of CRLs each day. Therefore,
delta CRL seem to become necessary.
Is there already any progress
dave (Mike) davesons wrote, On 2009-03-11 08:52:
In our organization we use nss to validate CRLs of the Belgian Government.
In a few months it is expected that these CRLs will grow exponentially.
It will be necessary to download many gigabytes of CRLs each day.
So, you see this problem
On 03/12/2009 04:04 AM, Nelson B Bolyard:
In our organization we use nss to validate CRLs of the Belgian Government.
In a few months it is expected that these CRLs will grow exponentially.
It will be necessary to download many gigabytes of CRLs each day.
So, you see this problem coming in
On 03/12/2009 04:33 AM, Julien R Pierre - Sun Microsystems:
No, it isn't. That would be true only if a CRL entry was a single bit.
But a CRL entry contains the serial number, revocation date, reason
code, and possibly other information. It's also ASN.1 encoded. A CRL
entry is rarely less than
Dear all,
does the current version of nss already support delta crls? I can only find
old information about this. Where can I find up to date info about such
information?
thanks
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
8 matches
Mail list logo