Just dumping a question I had in mind, how will bogus certificate be revoked given that the log is append-only. ChatGPT said CAs maintain a CRL (Certificate Revocation List), was too lazy to ask it what happens if that list gets compromised tho
It is CA's job to declare this revocation. This revocation is typically advertised by either the CRL list (older) or via OSCP. To optimize and reduce latency, OSCP stapling is also something worth reading about.
I was watching one video per day and reading about the same topic that day. Thank you so much for this Jordan! ❤
Thank you for this. Now i have no life to binge watch all of your videos.
Really helpful once again.
got some good idea for the basic at least in the first half of the video! thank you.
Just dumping a question I had in mind, how will bogus certificate be revoked given that the log is append-only. ChatGPT said CAs maintain a CRL (Certificate Revocation List), was too lazy to ask it what happens if that list gets compromised tho
I'll be honest with you I don't know this off the top of my head, perhaps worth consulting google. Let me know what you find!
It is CA's job to declare this revocation. This revocation is typically advertised by either the CRL list (older) or via OSCP. To optimize and reduce latency, OSCP stapling is also something worth reading about.