@@JohnSmith-lp1tg funny, try if you smelllllllllllllllllllllllllllllllllllllllllll what the rock!!!!!!!!!!!!!!!!!!!!!! is cookingggggggggggggggggggggggg!!!!!!!!!!!!!!!!!!
Hey professor, from what I learned before is that the term "leaf CA" is not standard because the leaf typically do not have CA capabilities, therefore would just be "leaf certificates". Is this true?
RA is a team of people making phone calls, sending emails, and checking documentation for the organization requesting the certificate. CRL is similar to OCSP (OCSP is the newer system that replaced CRLs but CRLs still exist and will continue existing for a long time). CRLs and OCSPs are the tech used to communicate if the cert is revoked. Simplfied, CRL/OCSP lists are denylists for certificates. Once a cert goes on that list, it's irreversibly untrusted. So the RA team will decide whether or not to revoke, and then if they do decide to revoke, the revoked cert gets added to the CRL and OCSP list. Every time you go to a site, it checks the certificate against the CRL/OCSP list to see if it is still valid.
Funny how I was explaining this to someone yesterday. Thanks Prof. Sharing
Funny? Try, hilarious.
Funny, Try, hysterically
@@JamesTune3278 Hysterically, try maniacally
@@JohnSmith-lp1tg funny, try if you smelllllllllllllllllllllllllllllllllllllllllll what the rock!!!!!!!!!!!!!!!!!!!!!! is cookingggggggggggggggggggggggg!!!!!!!!!!!!!!!!!!
ok... stop this guys. we've had enough
Certificates and PKI is so hard for me to comprehend
you are not alone they are indeed confusing
Hey professor, from what I learned before is that the term "leaf CA" is not standard because the leaf typically do not have CA capabilities, therefore would just be "leaf certificates". Is this true?
RA and CRL can both revoke certificates if they're deemed compromised?
RA is a team of people making phone calls, sending emails, and checking documentation for the organization requesting the certificate. CRL is similar to OCSP (OCSP is the newer system that replaced CRLs but CRLs still exist and will continue existing for a long time). CRLs and OCSPs are the tech used to communicate if the cert is revoked. Simplfied, CRL/OCSP lists are denylists for certificates. Once a cert goes on that list, it's irreversibly untrusted. So the RA team will decide whether or not to revoke, and then if they do decide to revoke, the revoked cert gets added to the CRL and OCSP list. Every time you go to a site, it checks the certificate against the CRL/OCSP list to see if it is still valid.
@@mattphillips4216 Well put.