How would a certificate authority create and maintain a certificate revocation list? When I browse through some CRLs I notice the number of certificates is huge (e.g. http://crl3.digicert.com/ssca-sha2-g6.crl).

Is the CRL maintained/stored as a List<thumbprint, revocationDate>?

What does a revocation check look like? Is it internally maintained as a HashMap for quicker lookup, and does that scale if the list grows too big?

divyanshm

1 Answer

Here is the specification: https://www.rfc-editor.org/rfc/rfc5280

Depending on the implementation, databases are often used internally as the source to produce the CRLs.

Daniel Fisher lennybacon
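
Added example, not part of the answer above and not any CA's own code: RFC 5280 (section 5.1.2.6) defines each revokedCertificates entry as a certificate serial number plus a revocation date, scoped to the CRL's issuer, so a client that has parsed a CRL can index it by serial number. The code below encodes a constructed sample of that field in DER and builds such an index; the function names are hypothetical, and verifying the CRL signature, issuer and validity window is assumed to happen elsewhere.

```python
from datetime import datetime, timezone
TIME_FORMATS = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}  # UTCTime, GeneralizedTime

def der_tlv(tag, body):
    """Encode one DER element (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + body

def der_read(buf, pos):
    """Decode the element at buf[pos]; return (tag, body, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def build_revoked(entries):
    """Constructed input: encode (serial, datetime) pairs as revokedCertificates."""
    out = b""
    for serial, when in entries:
        num = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # minimal, positive
        stamp = when.strftime(TIME_FORMATS[0x17]).encode()
        out += der_tlv(0x30, der_tlv(0x02, num) + der_tlv(0x17, stamp))
    return der_tlv(0x30, out)

def index_revoked(der):
    """Parse revokedCertificates into {serial: revocationDate} for O(1) checks."""
    tag, seq, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    index, pos = {}, 0
    while pos < len(seq):
        _, entry, pos = der_read(seq, pos)
        _, num, after = der_read(entry, 0)
        ttag, stamp, _ = der_read(entry, after)  # crlEntryExtensions, if any, are skipped
        when = datetime.strptime(stamp.decode(), TIME_FORMATS[ttag])
        index[int.from_bytes(num, "big", signed=True)] = when.replace(tzinfo=timezone.utc)
    return index

# Constructed sample: three revoked serials from one issuer, revoked on the same date.
WHEN = datetime(2023, 5, 1, 12, 0, tzinfo=timezone.utc)
INDEX = index_revoked(build_revoked([(0x7F, WHEN), (0x80, WHEN), (0x0A1B2C3D4E5F6071, WHEN)]))
print(INDEX.get(0x80), INDEX.get(0x81))
```

The index holds one integer and one timestamp per entry, so memory grows linearly with the CRL while each lookup stays constant time.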