Is there a CRL size that is beyond a practical limit? I did not find anything in the RFC. Is there any limit at all on the size of CRLs?
Maximum Size of CRL
crl
Related Topic
- How often is CRL refreshed, and how to force it to be
- Microsoft CRL URL’s
- Nginx – How to check multiple CRL lists with nginx client authentication
- Wininet 12057 error contacting crl server
- Openvpn – How to make OpenVPN use the CA’s CRL Distribution Points when verifying certificates
- OpenSSL – Check SSL Certificate Against CRL with Intermediate CA
Best Answer
I don't think there is a size limit, though other practical and security limitations should limit their size. The largest I've seen was one from Thawte at ~5MB. Most CRLs are distributed with Delta locations so clients don't need to constantly pull the whole thing.