Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. CRLs are a type of blacklist and are used by various endpoints, including Web browsers, to verify whether a certificate is valid and trustworthy. Digital certificates are used in the encryption process to secure communications, most often by using the TLS/SSL protocol. The certificate, which is signed by the issuing Certificate Authority, also provides proof of the identity of the certificate owner.

When a Web browser makes a connection to a site using TLS, the Web server's digital certificate is checked for anomalies or problems; part of this process involves checking that the certificate is not listed in a Certificate Revocation List. These checks are crucial steps in any certificate-based transaction because they allow a user to verify the identity of the owner of the site and discover whether the Certificate Authority still considers the digital certificate trustworthy.

The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. Each entry in a Certificate Revocation List includes the serial number of the revoked certificate and the revocation date. The CRL file is signed by the Certificate Authority to prevent tampering. Optional information includes a time limit if the revocation applies for only a period of time and a reason for the revocation. CRLs contain certificates that have either been irreversibly revoked or that have been marked as temporarily invalid.
