A CA is compromised and attacks start distributing maliciously signed software updates. Which of the following
can be used to warn users about the malicious activity?
Private key verification
Public key verification
Certificate revocation list
If we put the root certificate of the comprised CA in the CRL, users will know that this CA (and the certificates
that it has issued) no longer can be trusted.
The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital
certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of
certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed
date for the next release.