Again assuming 1,000,000 users per PCA, we would have 50*100000 or
5 megabytes per CRL. Even if only 10% of the users requested an individual
update on a daily basis, that would be 500 gigabytes per day of CRLs flowing
out of that one PCA.

There is one major flaw in your analysis. Each CA issues a CRL; there
isn't a single moby CRL which is issued by the PCA. And most users
won't be requesting a complete update of all of the CRLs --- just
of the CAs with whom they are corresponding.

Oops, arggh, you got me! (blush, shame, confusion...)
You are correct, I was thinking that the PCA sent out a long super
CRL. I knew better. (Engage brain before putting mouth in gear.)
Now, how can we reasonably go about determining the distribution
of users across CAs, and the clustering of user requests?
Let's try to guess how many users there might be per CA, on the
average. Does 300-500 sound about right? Many more than that
and someone is going to be busy almost constantly generating
certificates, and the queue of people outside of the door will be
pretty long.
(Maybe we ought to think about this from an operating system
cache hit model? What is the optimum size for a CA, given
that CRLs will be aggregated by CAs?)
I'm sorry I obscured my basic message, which was to propose
that we consider some type of an incremental update mechanism
rather than distributing the entire list of CRLs to anyone who asks.
If we were to distribute the baseline CRL list weekly, then the number
of CAs that would have any change at all should be rather small
and the PCA could simply broadcast a daily list of those CAs that had
changed. This would serve to invalidate the locally-stored version
of that CA's CRL, forcing the user (or his directory server)
to go get a fresh copy iff some user wishes to communicate with
someone within that CA.
With this mechanism emergency CRLs could be reliably propagated
within 24 hours, and the PCA would flood approximately 5 megabytes
per weekend. (Even less, if some type of a subscription service were
used so that only the needed CAs' CRLs were acquired from some
intermediate server. I'm sure that the good people in the Bureau of
Indian Affairs do good work, and they may even use email a lot.
But they are not in my list of frequent correspondents.)
This seems to achieve the goal I had in mind of trying to provide
rapid dissemination of emergency CRLs without swamping the
network.
Sorry about the false trail.
Bob
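
Added example, not part of the original message: a sketch of the invalidate-then-fetch-on-demand scheme proposed above, as seen from a user's or directory server's local CRL store. The CA names, certificate ids, the `fetch` callback and the reading of the message's "50" as bytes per CRL entry are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

ENTRY_BYTES = 50  # assumption: the "50" in the message's estimate, read as bytes per entry


@dataclass
class CrlCache:
    """Local CRL store keyed by CA name (hypothetical structure)."""
    fetch: Callable  # hypothetical: fetch(ca) -> (serial, set of revoked cert ids)
    crls: dict = field(default_factory=dict)
    stale: set = field(default_factory=set)
    bytes_fetched: int = 0

    def load_baseline(self, baseline):
        """Weekly baseline: replace everything held locally."""
        self.crls = dict(baseline)
        self.stale.clear()

    def apply_daily_notice(self, changed_cas):
        """Daily broadcast: mark the listed CAs stale, fetch nothing yet."""
        self.stale |= set(changed_cas)

    def is_revoked(self, ca, cert_id):
        """Refetch a CA's CRL only when it is stale (or unknown) and needed."""
        if ca in self.stale or ca not in self.crls:
            self.crls[ca] = self.fetch(ca)
            self.bytes_fetched += ENTRY_BYTES * len(self.crls[ca][1])
            self.stale.discard(ca)
        return cert_id in self.crls[ca][1]


# Constructed sample data: three CAs as they stood at the weekly baseline.
BASELINE = {"ca-east": (1, {"cert-17"}), "ca-west": (1, set()), "ca-bia": (1, {"cert-3"})}


def run_week():
    published = dict(BASELINE)  # what the CAs currently publish
    cache = CrlCache(fetch=lambda ca: published[ca])
    cache.load_baseline(BASELINE)
    # Mid-week emergency revocations at two CAs.
    published["ca-west"] = (2, {"cert-42"})
    published["ca-bia"] = (2, {"cert-3", "cert-9"})
    before = cache.is_revoked("ca-west", "cert-42")  # answered from the old copy
    cache.apply_daily_notice(["ca-west", "ca-bia"])
    after = cache.is_revoked("ca-west", "cert-42")   # triggers one refetch
    return before, after, cache.bytes_fetched, sorted(cache.stale)
```

The window between `before` and `after` is the up-to-24-hour exposure the scheme accepts; the CA nobody corresponds with stays stale and costs no transfer.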