Distributing Certificates, CRLs, & AAs

• Putting certificates & CRLs in UPDATEs would be redundant and make UPDATEs too big

• Same is true for address attestations

• Solution: use servers for these data items

  • replicate for redundancy & scalability
  • locate at NAPs for direct (non-routed) access
  • download options:
    • whole certificate/AA/CRL databases
    • queries for specific certificates/AAs/CRLs

• To minimize processing & storage overhead, NOCs should validate certificates & AAs, and send processed extracts to routers

Previous slide

Next slide

Back to first slide

View graphic version