Bu sayfanın seçili sürümü ile mevcut sürümü arasındaki farkları gösterir.
en:esya:aaa:sil [2013/07/29 05:38] Dindar Öz |
en:esya:aaa:sil [2013/09/12 13:15] (mevcut) Dindar Öz |
||
---|---|---|---|
Satır 11: | Satır 11: | ||
* They include the issue and expiry date. | * They include the issue and expiry date. | ||
* They include issuer's name and signature. | * They include issuer's name and signature. | ||
- | * Ther ayre published on the electronic media like internet with small periods | + | * They are published on the electronic media like internet with small periods |
A sample CRL can be as follows: | A sample CRL can be as follows: | ||
Satır 17: | Satır 17: | ||
{{ :esya:aaa:2.png | Şekil 2 Örnek SİL }} | {{ :esya:aaa:2.png | Şekil 2 Örnek SİL }} | ||
- | In PKI systemsi it is mandatory for every agent performing a certificate-based operation to check CRL while validating certificates. If the serial number of a certificate included in the CRL, it must be considered as invalid and the operation must be cancelled. | + | In PKI systems it is mandatory for every agent performing a certificate-based operation to check CRL while validating certificates. If the serial number of a certificate included in the CRL, it must be considered as invalid and the operation must be cancelled. |
CRLs are indeed required in PKI for two main reasons: | CRLs are indeed required in PKI for two main reasons: | ||
- | * The information of the certificate's owner may have changed. | + | * The information of the certificate's owner may have changed. |
- | * The key pair of the certificate's owner may have changed. | + | * The key pair of the certificate's owner may have changed. |
+ | ==== Delta CRL ==== | ||
+ | CRLs can become very long on large CAs that have experienced significant amounts of certificate revocation. This can become a burden for clients to download frequently. To help minimize frequent downloads of lengthy CRLs, delta CRLs can be published. This allows the client to download the most current delta CRL and combine that with the most current base CRL to have a complete list of revoked certificates. |