certificate revocation list

Deepak Nayal

Can anybody please let me know what is the use/functionality of
certificate revocation list (CRL) in SSL ?
 
Sudsy

Deepak said:
Can anybody please let me know what is the use/functionality of
certificate revocation list (CRL) in SSL ?

If you can't find the answer from the documentation and widely
available repositories then you're not a very good programmer.
Asking here isn't going to elicit many pearls of wisdom...it
just means you don't understand the basics of PKI.
Ever wonder the fate of a company out-sourcing to such sages?
Then again, perhaps it does leave the rest of us with SOME
hope of opportunities...
 
nos

ya, and maybe you can tell me where to find
the reason that eggs should boil for 3 minutes
 
Sudsy

nos said:
ya, and maybe you can tell me where to find
the reason that eggs should boil for 3 minutes

Remind me never to eat at a place which has no comprehension
of bacteria and the times and temperatures needed to kill
them...
Whadda maroon!
 
iksrazal

Sudsy said:
If you can't find the answer from the documentation and widely
available repositories then you're not a very good programmer.
Asking here isn't going to elicit many pearls of wisdom...it
just means you don't understand the basics of PKI.
Ever wonder the fate of a company out-sourcing to such sages?
Then again, perhaps it does leave the rest of us with SOME
hope of opportunities...

Sir, that was quite rude. Why bother to post if you simply are
insulting people? I've seen you help lots of people, perhaps you're
having a bad day. _Everyone_ was a beginner at some point.

To answer the question as best I can, CRLs are used commonly with
X.509 digital certificates. Digital certificates, among other things,
help prevent the modification of transmitted data. But you can still
read the data - you want encryption to prevent that. CRLs are often
implemented via LDAP, and include things such as expiration. In other
words, digital certs can be invalidated on a per user/per app basis.
Sometimes the cert isn't even in the message, but is referenced by a
URI to save bandwidth and ease manageability. You can store these certs
and control their revocation yourself, on the filesystem, LDAP etc, or
spend money on something like VeriSign and have them manage them for
you.

This topic is not only about SSL, but for XML signature and Web
Service security. Java has a rich, if somewhat difficult, API for
certs.

A good starting link:

http://babbage.clarku.edu/java/docs/guide/security/certpath/CertPathProgGuide.html

HTH
iksrazal

"The greatest enemy of knowledge is not ignorance, it
is the illusion of knowledge."
Stephen Hawking
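
The following example is added here and is not from any poster in the thread: it models the revocation decision a TLS client makes with a CRL, using simplified in-memory records instead of parsed X.509 structures. The names, serial numbers and dates are constructed, and signature verification of both the certificate and the CRL is assumed to have already succeeded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Cert:            # simplified stand-in for an X.509 certificate
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class Crl:             # simplified stand-in for an X.509 CRL
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict      # serial -> (revocation time, reason)

def check(cert, crl, now):
    """Return (accept, reason) the way a strict relying party would decide."""
    # The validity period is carried in the certificate itself, not in the CRL.
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside its validity period"
    # A CRL only speaks for certificates issued by the CA that published it.
    if crl is None or crl.issuer != cert.issuer:
        return False, "no CRL from the certificate's issuer (fail closed)"
    # A CRL past its nextUpdate time may be missing recent revocations.
    if not (crl.this_update <= now <= crl.next_update):
        return False, "CRL is stale (fail closed)"
    entry = crl.revoked.get(cert.serial)
    if entry is not None:
        when, why = entry
        return False, f"revoked on {when:%Y-%m-%d}: {why}"
    return True, "not revoked"

# Constructed sample data (hypothetical CA name and serial numbers).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)
CA = "CN=Example Issuing CA"
good = Cert(CA, 0x1001, NOW - 90 * DAY, NOW + 275 * DAY)
stolen = Cert(CA, 0x1002, NOW - 90 * DAY, NOW + 275 * DAY)
crl = Crl(CA, NOW - DAY, NOW + 6 * DAY,
          {0x1002: (NOW - 3 * DAY, "keyCompromise")})

if __name__ == "__main__":
    for name, c in (("good", good), ("stolen", stolen)):
        print(name, check(c, crl, NOW))
    print("stale CRL", check(good, crl, NOW + 30 * DAY))
```

The `stolen` certificate is still inside its validity period and is rejected only because its serial number appears on the issuer's list, which is the case a CRL exists to cover.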
 
iksrazal

Can anybody please let me know what is the use/functionality of
certificate revocation list (CRL) in SSL ?

Apart from the other response I gave below, here's a quick "what is
CRL" doc referenced in the other doc.

http://babbage.clarku.edu/java/docs/guide/security/cert3.html

There may be more recent versions of these docs.

To add further, keep in mind certs prove the origin and
identification of the sender, and that privilege is revocable.
Usually in SSL, it's only one-way from the sender - the response
typically does not have SSL/certs. In Web Service Security, it's
typically a two-way street.

You're in India? Kool, I'm in Brazil. Software livre ou morte!

iksrazal
 
nos

iksrazal said:
Sudsy <[email protected]> wrote in message

Sir, that was quite rude. Why bother to post if you simply are
insulting people? I've seen you help lots of people, perhaps you're
having a bad day. _Everyone_ was a beginner at some point.

If you are going to claim that this other fellow is rude and purport
to be the guy to the rescue on his white horse, the least you could do
is answer the question that is asked.
 
iksrazal

nos said:
If you are going to claim that this other fellow is rude and purport
to be the guy to the rescue on his white horse, the least you could do
is answer the question that is asked.

Is this site now flamebait? I posted two links that describe what
CRLs are from the Java spec leader on the issue. What more do you want?
Who the **** are you? The other post was indefensibly race baiting,
and now you have nothing valuable to contribute except criticism for
someone trying to help. Sigh.

iksrazal
 
nos

I suppose you think your language is not rude?
(don't forget your complaint about rudeness)
 
