pem-dev

Re: CRLs: COST-PEM Solutions

1993-09-21 13:39:00
   Date: Tue, 21 Sep 93 14:15:49 EDT
   From: jueneman <@gte.com:jueneman(_at_)wotan>

   Again assuming 1,000,000 users per PCA, we would have 50*100000 or
   5 megabytes per CRL. Even if only 10% of the users requested an individual
   update on a daily basis, that would be 500 gigabytes per day of CRLs flowing
   out of that one PCA.

There is one major flaw in your analysis.  Each CA issues a CRL; there
isn't a single moby CRL which is issued by the PCA.  And most users
won't be requesting a complete update of all of the CRL's --- just
of the CA's with whom they are corresponding.

It is true that the PCA with 1,000,000 users will need to keep roughly 5
megabytes worth of CRL's on line --- but that's not a lot of disk space
in this day and age of gigabyte disks.  But few if any users will need
to receive all of the CRL's.

So for nonrepudiation purposes, you don't need to store a 5 megabyte CRL
--- if a CA only has 200 users under it, then the CRL for that CA will
be only 10k long --- which is much more reasonable than 5 megabytes.  :-)

                                                        - Ted

P.S.  I will also point out that last I checked, a complete Usenet feed
is well over 20 megabytes/day --- and that is distributed using a
flooding mechanism --- which we could also use for CRL's, since except
for emergency CRL's, you can verify that you have a correct CRL without
needing to get it from a trusted source.

I think that most people would agree that the value of CRL's exceeds the
value of alt.sex.pictures --- and people have managed to distribute
Usenet all over the world without trying very hard.  :-)
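
An added example, not part of the original message: a sketch of why a CRL received through flooding can be checked without trusting the relay, and of one reading of why emergency CRLs are the exception. It assumes a toy textbook-RSA key in place of the CA's real signature algorithm, and the field layout, CA name, dates and serial numbers are all constructed.

```python
import hashlib

# Toy textbook-RSA CA key (constructed: two Mersenne primes, no padding).
# It stands in for the CA's real signature algorithm and is not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the CA only

def _digest(crl):
    """Hash the signed fields of a CRL (hypothetical layout) into Z_N."""
    body = "|".join([crl["issuer"], str(crl["this"]), str(crl["next"]),
                     ",".join(str(s) for s in sorted(crl["revoked"]))])
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N

def ca_sign(issuer, this_update, next_update, revoked):
    """CA side: issue a signed CRL. Dates are YYYYMMDD integers."""
    crl = {"issuer": issuer, "this": this_update, "next": next_update,
           "revoked": list(revoked)}
    crl["sig"] = pow(_digest(crl), D, N)
    return crl

def crl_ok(crl):
    """Recipient side: only the CA's public key (N, E) is needed."""
    return pow(crl["sig"], E, N) == _digest(crl)

def accept_from_flood(copies, today):
    """Keep the newest validly signed copy and say whether it is current."""
    valid = [c for c in copies if crl_ok(c)]
    if not valid:
        return None, "no valid CRL"
    best = max(valid, key=lambda c: c["this"])
    return best, "current" if today < best["next"] else "stale"

# Constructed sample data: what untrusted relays might hand a recipient.
scheduled = ca_sign("Example CA", 19930901, 19931001, [17, 42])
tampered = dict(scheduled, revoked=[17])  # relay removed serial 42
emergency = ca_sign("Example CA", 19930915, 19931001, [17, 42, 99])

if __name__ == "__main__":
    print(accept_from_flood([tampered, scheduled], 19930921))
    print(accept_from_flood([scheduled, emergency], 19930921)[0]["revoked"])
    # A relay that withholds the emergency CRL is not detected: the
    # scheduled copy still verifies and is still "current".
    print(accept_from_flood([scheduled], 19930921)[1])
    print(accept_from_flood([scheduled], 19931005)[1])
```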
