Certificate Revocation List (CRL)

Certificate Revocation List (CRL) - A Certificate Revocation List (CRL) is a signed data structure that contains information about revoked certificates.

A certificate is the signed digital assertion by a Certification Authority (CA) that allows a trust relationship between a client and a server. Although a certificate has a limited lifetime, there are certain events that may make it invalid before it expires. For example, if information contained in the certificate about the domain or its owner changes; the certificate can no longer be trusted and should be revoked. Another event that requires the certificate to be revoked is when the private key, which is linked to the public key in the certificate, is compromised.

The CRL is published by the CA that published the original certificate, or it can be delegated to a CRL Authority. The lists are republished at intervals, for example, a day or a week, depending on the nature of the application.

[Category=Data Security ]

Source: RSA, 11 August 2011 10:12:53, http://www.rsa.com/glossary/