Distribution, Replacement, Revocation

• Certificate & CRL servers:

  • replication for redundancy, scalability
  • location (NAPs?) offering direct access and requiring minimal routing
  • support download of whole certificate database
  • support queries for individual certificates
  • support download of all certificate revocation lists (CRLs), but push/pull model not yet defined

• Attestations

  • distributed with BGP UPDATEs as path attributes
  • cached with associated routes
  • expiration date present, but no revocation mechanism chosen yet

Previous slide

Next slide

Back to first slide

View graphic version