Concept

Liste de révocation de certificats

In cryptography, a certificate revocation list (or CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". CRLs are no longer required by the CA/Browser forum, as alternate certificate revocation technologies (such as OCSP) are increasingly used instead. Nevertheless, CRLs are still widely used by the CAs. There are two different states of revocation defined in RFC 5280: Revoked A certificate is irreversibly revoked if, for example, it is discovered that the certificate authority (CA) had improperly issued a certificate, or if a private-key is thought to have been compromised. Certificates may also be revoked for failure of the identified entity to adhere to policy requirements, such as publication of false documents, misrepresentation of software behaviour, or violation of any other policy specified by the CA operator or its customer. The most common reason for revocation is the user no longer being in sole possession of the private key (e.g., the token containing the private key has been lost or stolen). Hold This reversible status can be used to note the temporary invalidity of the certificate (e.g., if the user is unsure if the private key has been lost). If, in this example, the private key was found and nobody had access to it, the status could be reinstated, and the certificate is valid again, thus removing the certificate from future CRLs. Reasons to revoke, hold, or unlist a certificate according to RFC 5280 are: unspecified (0) keyCompromise (1) cACompromise (2) affiliationChanged (3) superseded (4) cessationOfOperation (5) certificateHold (6) removeFromCRL (8) privilegeWithdrawn (9) aACompromise (10) Note that value 7 is not used. A CRL is generated and published periodically, often at a defined interval. A CRL can also be published immediately after a certificate has been revoked. A CRL is issued by a CRL issuer, which is typically the CA which also issued the corresponding certificates, but could alternatively be some other trusted authority.

Source officielle

https://fr.wikipedia.org/wiki/Liste_de_révocation_de_certificats

À propos de ce résultat

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Liste de révocation de certificats

Graph Chatbot

Chattez avec Graph Search

Review of health and well-being aspects in Green Certification Protocols

Do energy performance certificates allow reliable predictions of actual energy consumption and savings? Learning from the Swiss national database

Mitigating the variability of hydrogen production in mixed culture through bioaugmentation with exogenous pure strains

Review of health and well-being aspects in Green Certification Protocols

Mitigating the variability of hydrogen production in mixed culture through bioaugmentation with exogenous pure strains

Do energy performance certificates allow reliable predictions of actual energy consumption and savings? Learning from the Swiss national database