In cryptography, a certificate revocation list (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted".[1] CRLs are no longer required by the CA/Browser forum,[2] as alternate certificate revocation technologies (such as OCSP) are increasingly used instead.[3][4] Nevertheless, CRLs are still widely used by the CAs.[5]
^"What is Certificate Revocation List (CRL)? - Definition from WhatIs.com". TechTarget. Retrieved October 26, 2017.
^"Baseline Requirements". CAB Forum. Archived from the original on 2014-01-07. Retrieved 1 November 2021.
^Cite error: The named reference :0 was invoked but never defined (see the help page).
^Santesson, Stefan; Myers, Michael; Ankney, Rich; Malpani, Ambarish; Galperin, Slava; Adams, Carlisle (June 2013). "RFC 6960: X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol - OCSP". Internet Engineering Task Force (IETF). Archived from the original on 2018-12-15. Retrieved 2021-11-24. In lieu of, or as a supplement to, checking against a periodic CRL, it may be necessary to obtain timely information regarding the revocation status of certificates. ... OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information.
^Korzhitskii, Nikita; Carlsson, Niklas (2021). Revocation Statuses on the Internet. arXiv:2102.04288. {{cite book}}: |work= ignored (help)
and 26 Related for: Certificate revocation list information
cryptography, a certificaterevocationlist (CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before...
certificate until expiry. Hence, revocation is an important part of a public key infrastructure. Revocation is performed by the issuing certificate authority...
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described...
re-issuance of certificates authorizing intermediate CAs. A drawback to offline operation is that hosting of a certificaterevocationlist by the root CA...
whether certificates are still valid. They provide this information through Online Certificate Status Protocol (OCSP) and/or CertificateRevocation Lists...
compromised or misissued certificate until expiry. Hence, revocation is an important part of a public key infrastructure. Revocation is performed by the issuing...
is a standard for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved...
a certificaterevocationlist (CRL) for download via the HTTP or LDAP protocols. To reduce the amount of network traffic required for certificate validation...
because it may have been compromised. Such keys are placed on a certificaterevocationlist or CRL. session key - key used for one message or an entire communications...
authority Digital signature Certificate policy Certificate Practice Statement Certificaterevocationlist Online Certificate Status Protocol Computerized...
PKIX RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CertificateRevocationList (CRL) Profile RFC 5282: Using Authenticated Encryption...
revoked all TLS certificates and estimated that publishing its Certificaterevocationlist would cost the issuer, GlobalSign, $400,000 per month that year...
"certificate" and "certificaterevocationlist" as well as numerous other concepts now established as important parts of PKI. The X.509 certificate specification...
800-56A Suite B Cryptography Standards RFC 5759, Suite B Certificate and CertificateRevocationList (CRL) Profile RFC 6239, Suite B Cryptographic Suites...
CI+ standard allows revocation of compromised CI+ Hosts. This is done by broadcasting a Service Operator CertificateRevocationList (SOCRL) in a DSM-CC...
key-pair. Checking revocation status requires an "online" check; e.g., checking a certificaterevocationlist or via the Online Certificate Status Protocol...
CRL Group, a British video game company Certificaterevocationlist, in computing, a list of revoked certificates Chemistry Research Laboratory, University...
DigiNotar from its list of trusted certificate issuers. Opera always checks the certificaterevocationlist of the certificate's issuer and so they initially...
qualified digital certificate, which include: Providing a valid date and time stamp of when the certificate was created, immediate revocation of any signature...
that each signing certificate was not in certificaterevocationlist at the time of signing. Any signatures prior to the revocation are still valid (therefore...
Validation certificates do not require issuing certificate authorities to immediately support Online Certificate Status Protocol for revocation checking...
subject of the certificate. The attributes can contain required certificate extensions, a challenge-password to restrict revocations, as well as any...
certificates are revoked. CRLs are no longer required by the CA/Browser forum, nevertheless, they are still widely used by the CAs. Most revocation statuses...