Which of the following is true about the CRL?
It should be kept public
It signs other keys
It must be kept secret
It must be encrypted
The CRL must be public so that it can be known which keys and certificates have been revoked.
In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list
(CRL) is a list of certificates (or more specifically, a list of serial numbers for certificates) that have been
revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted.