Certificate Revocation List (CRL)
- is a list of digital certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date and should no longer be trusted
- a digital certificate is valid if:
- it has a valid CA signature
- not expired
- is not listed in CRL
CRL Format
defined in the X.509