Such keys are placed on a certificate revocation list or CRL.
This is, more or less, equivalent to the certificate revocation lists of centralized PKI schemes.
Opera always checks the certificate revocation list of the certificate's issuer and so they initially stated they did not need a security update.
X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
Certificate Revocation List (CRL)
X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems.
It supports certificate revocation lists and the Online Certificate Status Protocol (OCSP).
It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI).
The root CA certificates, the ones built into operating systems and Web browsers, include within them the URL of a Certificate Revocation List (CRL).
Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can use networks and client resources more efficiently.
The Kohnfelder thesis introduced the terms Certificate and Certificate Revocation List as well as introducing numerous other concepts now established as important parts of Public Key Infrastructure.
Specifically, Entrust supplied certificate revocation list distribution points (CRL-DP), Patent 5,699,431, to Sun under a royalty-free license for incorporation of that capability into the Mozilla open-source libraries.
Because Verisign code-signing certificates do not specify a Certificate Revocation List Distribution Point, however, there was no way for them to be automatically detected as having been revoked, placing Microsoft's customers at risk.
RFC 3280 "Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile"
Its purpose is to offer an easy-to-use interface for creating certification authorities and all related elements including X.509 digital certificates, certificate signing requests (CSRs) and certificate revocation lists (CRLs).
OCSP has several advantages over older Certificate Revocation List (CRL)-based certificate revocation-checking approaches; however, it can introduce a significant penalty for certificate authorities who are now required to provide responses to every client of a given certificate in real time.