Which of the following is true about the CRL?
A.
It should be kept public
B.
It signs other keys
C.
It must be kept secret
D.
It must be encrypted
Explanation:
The CRL must be public so that it can be known which keys and certificates have been revoked.
In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate
revocation list (CRL) is a list of certificates (or more specifically, a list of serial numbers for
certificates) that have been revoked, and therefore, entities presenting those (revoked) certificates
should no longer be trusted.