certificate revocation list (CRL)
- To prevent the misuse of digital certificates, they can be revoked and revoked. The format and semantics of revocation lists are specified in X.509. A certificate revocation list (CRL) is comparable to a blacklist. It includes the current serial numbers of the invalid certificate and the revocation date. Revocation lists are created and signed by the certification authority( CA) and can be downloaded by users on request. They are used by web browsers, among others, to confirm a certificate as valid or trustworthy. Since the revocation lists always have to be downloaded in full, the Online Certificate Status Protocol ( OCSP) has been developed as an extension to the Certificate Revocation Lists (CRL), which can be used to query the status of individual certificates. To reduce the number of entries, there is also the delta CRL, a revocation list that works with updates and only updates the base CRL.
- For smart cards, the revocation lists are also called blacklist, greylist, whitelist and hotlist. The blacklist lists all chip cards that are no longer allowed to be used for a specific reason. The greylist lists the smart cards that are under observation, the whitelist lists those that may no longer be used for various applications, and the hotlist lists those that have probably been tampered with and may not be used.