Explain the main characteristics of indirect CRLs.
What will be an ideal response?
A single PKI deployment might include several CAs. In this case, a PKI-enabled application must download CRLs from every single CA before any validation can be performed, which might cause performance and scalability issues. The goal of indirect CRL is to enable revocation information from multiple CAs to be issued within a single CRL. In this case, one indirect CRL can be used instead of multiple CRLs being downloaded from different CAs. The indirect CRL issuer must be trusted at the same level as the CA that issued the certificate in question.
To indicate the use of indirect CRL, the indirect CRL Boolean attribute in the issuing distribution point CRL extension must be set to TRUE. Furthermore, the certificate issuer field in the per-entry extension could be used to indicate the origination of the certificate in the CRL to distinguish among all the CAs associated with the indirect CRL. In a PKI environment with multiple CAs, the use of indirect CRL would improve overall performance, as only one CRL download is needed, and the number of replying parties will far exceed the number of indirect CRL issuers.
You might also like to view...
Answer the following statements true (T) or false (F)
1. The sharing of the data means that data need to be stored only once. 2. Data have a better chance of being available in a conventional file system than in a database. 3. Within the realm of metadata, there are record definitions and data item definitions. 4. Any object or event about which someone chooses to collect data is an attribute.
Expenses that depend on other variables are called ________ expenses
Fill in the blank(s) with correct word
Linked files do not maintain a connection between the source file and the destination file.
Answer the following statement true (T) or false (F)
You have a periodic Image analysis application that gets some files In Input analyzes them and tor each file writes some data in output to a ten file the number of files in input per day is high and concentrated in a few hours of the day. Currently you have a server on EC2 with a large EBS volume that hosts the input data and the results it takes almost 20 hours per day to complete the process What services could be used to reduce the elaboration time and improve the availability of the solution?
A. S3 to store I/O files. SQS to distribute elaboration commands to a group of hosts working in parallel. Auto scaling to dynamically size the group of hosts depending on the length of the SQS queue B. EBS with Provisioned IOPS (PIOPS) to store I/O files. SNS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group of hosts depending on the number of SNS notifications C. S3 to store I/O files, SNS to distribute evaporation commands to a group of hosts working in parallel. Auto scaling to dynamically size the group of hosts depending on the number of SNS notifications D. EBS with Provisioned IOPS (PIOPS) to store I/O files SOS to distribute elaboration commands to a group of hosts working in parallel Auto Scaling to dynamically size the group ot hosts depending on the length of the SQS queue.