Short Lifetimes

• Avoid CRLs at all costs

• Even at the cost of long-term signatures and encryption

• Authentication only

• MIT allows up to a year

• Over 50,000 served! (in the first year alone)

Previous slide

Next slide

Back to first slide

View graphic version

RL “Bob” Morgan, UW:

The problem is you can’t find someone’s public key.

And you may be getting multiple keys for each machine