page_revoke.html (226031) page_revoke.html (226128)
1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2<html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
3<title>Heimdalx509library: Revocation methods</title>
4<link href="doxygen.css" rel="stylesheet" type="text/css">
5<link href="tabs.css" rel="stylesheet" type="text/css">
6</head><body>
7<p>
8<a href="http://www.h5l.org/"><img src="http://www.h5l.org/keyhole-heimdal.png" alt="keyhole logo"/></a>

--- 9 unchanged lines hidden (view full) ---

18 </ul>
19 </div>
20</div>
21<div class="contents">
22<h1><a class="anchor" name="page_revoke">Revocation methods </a></h1>There are two revocation method for PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is lost and stolen. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem.<p>
23CRL is a list of certifiates that have expired.<p>
24OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client. </div>
25<hr size="1"><address style="text-align: right;"><small>
1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2<html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
3<title>Heimdalx509library: Revocation methods</title>
4<link href="doxygen.css" rel="stylesheet" type="text/css">
5<link href="tabs.css" rel="stylesheet" type="text/css">
6</head><body>
7<p>
8<a href="http://www.h5l.org/"><img src="http://www.h5l.org/keyhole-heimdal.png" alt="keyhole logo"/></a>

--- 9 unchanged lines hidden (view full) ---

18 </ul>
19 </div>
20</div>
21<div class="contents">
22<h1><a class="anchor" name="page_revoke">Revocation methods </a></h1>There are two revocation method for PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is lost and stolen. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem.<p>
23CRL is a list of certifiates that have expired.<p>
24OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client. </div>
25<hr size="1"><address style="text-align: right;"><small>
26Generated on Sat Jul 30 13:45:38 2011 for Heimdalx509library by&nbsp;<a href="http://www.doxygen.org/index.html"><img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.5.6</small></address>
26Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by&nbsp;<a href="http://www.doxygen.org/index.html"><img src="doxygen.png" alt="doxygen" align="middle" border="0"></a> 1.5.6</small></address>
27</body>
28</html>
27</body>
28</html>
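Review bot: the only line that differs between the two versions shown (226031 and 226128) is the doxygen footer on line 26, where "Generated on Sat Jul 30 13:45:38 2011" becomes "Generated on Fri Sep 30 15:26:09 2011". The commit is therefore churn from checking in generated output. Consider keeping the generated HTML out of version control, or suppressing the timestamp in the footer, so that a regeneration without source changes produces no diff. The documentation text carried over unchanged on lines 22 to 24 should be corrected in the doxygen source before the next regeneration: "CRL is a list of certifiates that have expired" describes the wrong thing, since a CRL lists certificates that were revoked, not ones that expired; "lost and stolen" should read "lost or stolen"; and "two revocation method", "certifiates", "Some services sends a OCSP reply" and "revoktion" are typos.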