In a recent posting by Sead Muftic, we were encouraged to find out about
the COST offering of privacy enhanced mail. I obtained a copy of the
announcement and while reading it came across the following :
"Contrary to the PEM RFCs, the CRLs will not be distributed through the
hierarchy. They will be kept by CAs as the local CRL database. The CRLs
will be used to reply to user requests for distribution or verification of
particular certificates."
If I read this correctly, each time I wish to verify a certificate issued
by a COST CA, I must somehow send the certificate to the CA and then await
for a reply whether it is on the CAs CRL. If so, its going to take quite
some time for my PEM software to work its way through a certification path
(assuming it validates certificates as it goes along).
Am I making a mistake somewhere?
Regards,
Dan Nessett