
Re: Re: CRLs: COST-PEM Solutions

1993-09-24 10:34:00

In relation to the appended Pem email [and earlier messages],
I would urge all to remember that
there are large organizations in existence that will want to have one, or a
small number of CAs to cover their environment. For example the HR
department of Boeing would want to work with one or a small number of CAs
for @120K Boeing employees + @60K employees of suppliers, vendors and
subcontractors. If affiliations are linked with the certificates (Boeing
requires such at this time) the thrash rate for 100% turnover equivalent is
about 1 year and has been speeding up. If you want to think about mail
enabled applications for things like time reporting and payroll [not to
mention physical access control systems for buildings] the maximum
acceptable delay is <1 week at best and the usage per application may easily
exceed 100K validations per day.

Not all CAs will be in the range of 20 people. Single work groups at Boeing
can exceed 3,000 people.

Hope the additional perspective is useful.

PS.  A reminder, not all mail systems preserve SMTP headers, so a name and
email address in each message is appreciated. This allows responding to an
author directly or at least knowing who is saying what.  My mail simply says
From: pem-dev-request on many Pem messages.

PPS. We need to have email with privacy and authentication across the
1,000,000 + person aeronautical industry as soon as standards and products
support it.

Thanks for your attention;

Rich Harris     rharris(_at_)atc(_dot_)boeing(_dot_)com
Boeing Computer Services/ Computing Security Technology
PO Box 24346,  M/S 7L-15 / Seattle WA 98124
     phone 206-865-4922     fax 206-865-6903
 ----------
From: pem-dev-request
To: Theodore Ts'o
Cc: Sead Muftic; pem-dev
Subject: Re: Re: CRLs: COST-PEM Solutions
Date: Tuesday, September 21, 1993 6:23PM

Again assuming 1,000,000 users per PCA, we would have 50*100000 or
5 megabytes per CRL. Even if only 10% of the users requested an
individual update on a daily basis, that would be 500 gigabytes per day
of CRLs flowing out of that one PCA.

There is one major flaw in your analysis.  Each CA issues a CRL; there
isn't a single moby CRL which is issued by the PCA.  And most users
won't be requesting a complete update of all of the CRLs --- just
of the CAs with whom they are corresponding.

Oops, arggh, you got me! (blush, shame, confusion...)

You are correct, I was thinking that the PCA sent out a long super
CRL. I knew better.  (Engage brain before putting mouth in gear.)

Now, how can we reasonably go about determining the distribution
of users across CAs, and the clustering of user requests?

Let's try to guess how many users there might be per CA, on the
average. Does 300-500 sound about right? Many more than that
and someone is going to be busy almost constantly generating
certificates, and the queue of people outside of the door will be
pretty long.

(Maybe we ought to think about this from an operating system
cache hit model? What is the optimum size for a CA, given
that CRLs will be aggregated by CAs?)

I'm sorry I obscured my basic message, which was to propose
that we consider some type of an incremental update mechanism
rather than distributing the entire list of CRLs to anyone who asks.

If we were to distribute the baseline CRL list weekly, then the number
of CAs that would have any change at all should be rather small
and the PCA could simply broadcast a daily list of those CAs that had
changed. This would serve to invalidate the locally-stored version
of that CA's CRL, forcing the user (or his directory server)
to go get a fresh copy iff some user wishes to communicate with
someone within that CA.

With this mechanism emergency CRLs could be reliably propagated
within 24 hours, and the PCA would flood approximately 5 megabytes
per weekend. (Even less, if some type of a subscription service were
used so that only the needed CAs' CRLs were acquired from some
intermediate server. I'm sure that the good people in the Bureau of
Indian Affairs do good work, and they may even use email a lot.
But they are not in my list of frequent correspondents.)

This seems to achieve the goal I had in mind of trying to provide
rapid dissemination of emergency CRLs without swamping the
network.

Sorry about the false trail.

Bob
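
The invalidation scheme proposed in the message above (weekly baseline, daily list of changed CAs, refetch only when a correspondent's CA is stale), sketched as an added example that is not part of the original messages. The class, method and CA names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class CrlCache:
    """Client-side (or directory-server) cache of per-CA CRLs (hypothetical)."""
    fetch: callable                            # fetch(ca) -> revoked serials; assumed transport
    crls: dict = field(default_factory=dict)   # CA name -> set of revoked serials
    stale: set = field(default_factory=set)    # CAs named in a daily change notice
    fetches: int = 0                           # full-CRL transfers actually performed

    def load_baseline(self, baseline):
        """Weekly baseline: replace every stored CRL; nothing is stale afterwards."""
        self.crls = {ca: set(serials) for ca, serials in baseline.items()}
        self.stale.clear()

    def apply_daily_notice(self, changed_cas):
        """Daily PCA broadcast carries only the names of CAs whose CRL changed."""
        self.stale.update(changed_cas)

    def is_revoked(self, ca, serial):
        """Refetch a CA's CRL only when it is stale or unknown AND actually needed.
        A failed fetch raises, so a stale CRL is never used to answer."""
        if ca in self.stale or ca not in self.crls:
            self.crls[ca] = set(self.fetch(ca))
            self.stale.discard(ca)
            self.fetches += 1
        return serial in self.crls[ca]

def demo():
    # Constructed sample data: the CRLs currently published by three CAs.
    published = {"ca-eng": {101, 102}, "ca-hr": {7}, "ca-bia": {55}}
    cache = CrlCache(fetch=lambda ca: published[ca])
    cache.load_baseline(published)
    # Emergency revocations at two CAs after the weekly baseline went out.
    published["ca-eng"] = {101, 102, 103}
    published["ca-bia"] = {55, 56}
    before = cache.is_revoked("ca-eng", 103)        # baseline only: revocation missed
    cache.apply_daily_notice(["ca-eng", "ca-bia"])  # daily notice invalidates both
    after = cache.is_revoked("ca-eng", 103)         # stale, so refetched on demand
    unchanged = cache.is_revoked("ca-hr", 7)        # answered from the baseline
    # ca-bia stays stale and unfetched: nobody here corresponds with it.
    return before, after, unchanged, cache.fetches, sorted(cache.stale)

if __name__ == "__main__":
    print(demo())
```

The `before` result shows the exposure window between the baseline and the next daily notice, which is the 24-hour propagation bound the message states.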
