
mace-opensaml-users - Re: CRL question

Subject: OpenSAML user discussion


Re: CRL question


  • From: Walter Hoehn <>
  • To:
  • Cc:
  • Subject: Re: CRL question
  • Date: Fri, 21 Apr 2006 09:30:22 -0500

My experience is that most folks just pretend that CRLs don't exist and go merrily on their way.

Are you authenticating users or system entities with your certificates? If it's the latter, I think it's easier just to dump the PKI and use bi-lateral trust.

-Walter


On Apr 21, 2006, at 6:54 AM, wrote:


Hi all,

We have implemented with opensaml the authentication mechanism of our website. However, the time for the authentication is pretty long (it takes about 20 seconds). We would like to cache the CRLs in order not to connect to them every time via http.

One possible solution is of course to download them and keep them locally, but then we have the problem of the "next update" date. I mean, we have to update each CRL regularly or when "next update" indicates.

Has anyone had this situation and found maybe a solution?

Thanks,
Miro
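
The caching asked about in the original question, sketched as an added example that is not part of the thread and is not OpenSAML code: a CRL is kept in memory per distribution point and fetched again only once its nextUpdate has passed. The class name `CrlCache`, the 5-second timeouts, and the caller supplying the distribution point URI and the issuing CA's public key are assumptions.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: in-memory CRL cache that re-downloads only after nextUpdate. */
public final class CrlCache {
    private final ConcurrentHashMap<URI, X509CRL> cache = new ConcurrentHashMap<>();

    /** Returns a signature-checked, unexpired CRL for the distribution point, or throws. */
    public X509CRL get(URI distributionPoint, PublicKey issuerKey) throws Exception {
        X509CRL cached = cache.get(distributionPoint);
        if (isCurrent(cached, new Date())) {
            return cached;                       // served from memory, no HTTP round trip
        }
        X509CRL fresh = download(distributionPoint);
        fresh.verify(issuerKey);                 // reject a CRL not signed by the expected issuer
        if (!isCurrent(fresh, new Date())) {     // fail closed rather than trust a stale list
            throw new CRLException("CRL from " + distributionPoint + " is outside its validity window");
        }
        cache.put(distributionPoint, fresh);
        return fresh;
    }

    /** Usable from thisUpdate until nextUpdate; a CRL without nextUpdate is treated as stale. */
    static boolean isCurrent(X509CRL crl, Date now) {
        return crl != null && crl.getNextUpdate() != null
                && !now.before(crl.getThisUpdate()) && now.before(crl.getNextUpdate());
    }

    private static X509CRL download(URI uri) throws Exception {
        URLConnection conn = uri.toURL().openConnection();
        conn.setConnectTimeout(5_000);           // assumed values: bound the wait on a slow CA
        conn.setReadTimeout(5_000);
        try (InputStream in = conn.getInputStream()) {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    /** Revocation check against the cached (or freshly fetched) CRL. */
    public boolean isRevoked(X509Certificate cert, URI distributionPoint, PublicKey issuerKey)
            throws Exception {
        return get(distributionPoint, issuerKey).isRevoked(cert);
    }
}
```

A certificate revoked between two CRL issues is not seen until the next download, so the window of exposure equals the CA's publication interval.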





