Definition

A Certificate Revocation List (CRL) is

Overview

The list is usually signed by the same entity that issued the certificates. Certificates may be revoked, for example, if the owner’s private key has been lost; the owner leaves the company or agency; or the owner’s name changes. CRLs also document the historical revocation status of certificates. That is, a dated signature may be presumed to be valid if the signature date was within the validity period of the certificate, and the current CRL of the issuing CA at that date did not show the certificate to be revoked.
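The historical-status rule described above, as an added example that is not taken from the cited sources. The `Cert` and `Crl` records, the function names and the sample dates are constructed for illustration, and the code assumes each CRL's signature has already been verified and that the signature date itself is trustworthy.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:                      # hypothetical record, not a real X.509 parser
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Crl:                       # hypothetical record for one issued CRL
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def crl_current_at(crls, when):
    """Return the CRL in force at `when` (this_update <= when < next_update)."""
    in_force = [c for c in crls if c.this_update <= when < c.next_update]
    # If the CA issued overlapping CRLs, the most recently issued one wins.
    return max(in_force, key=lambda c: c.this_update, default=None)

def signature_status(cert, signed_at, crls):
    """Apply the rule: within validity period AND not on the CRL current then."""
    if not (cert.not_before <= signed_at <= cert.not_after):
        return "invalid: outside certificate validity period"
    crl = crl_current_at(crls, signed_at)
    if crl is None:
        # No archived CRL covers the date, so the presumption cannot be made.
        return "indeterminate: no CRL current at signature date"
    if cert.serial in crl.revoked_serials:
        return "invalid: revoked on CRL current at signature date"
    return "presumed valid"

# Constructed sample data: the certificate first appears on the April CRL.
CERT = Cert(serial=0x1A2B, not_before=utc(2023, 1, 1), not_after=utc(2024, 1, 1))
CRLS = [
    Crl(utc(2023, 3, 1), utc(2023, 4, 1), frozenset()),
    Crl(utc(2023, 4, 1), utc(2023, 5, 1), frozenset({0x1A2B})),
]

if __name__ == "__main__":
    for day in (utc(2023, 2, 1), utc(2023, 3, 15), utc(2023, 4, 10), utc(2024, 6, 1)):
        print(day.date(), "->", signature_status(CERT, day, CRLS))
```

The "indeterminate" result is why archived CRLs matter: without the list that was current on the signature date, the historical presumption cannot be established either way.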
