what it takes, but so far I don't sense a common understanding of the problem,
much less any agreement about the solution.
I think the problems ARE well understood by most on this list. What can't be
known are all the constraints that people would LIKE to add to the mechanism.
Earlier someone calculated that the size of CRL's could be large. In their
example this was because of the duration of the certificates. If a cert's
lifetime is short, then it expires and would thus be on a CRL for only a
short period of time.
IF you need to have the latest CRL always, then just fetch it every day or
even more often... In the UK before we got Internet connected and were using
our own X25 based networking protocols we would pull down a 2Megabyte
compressed directory of host and addresses every night. It wasn't a problem.
You could setup a news group for CRL disemination.. Or even get an X500
client!
Pete.