Which of the following is true about the CRL?

A.
It should be kept public

B.
It signs other keys

C.
It must be kept secret

D.
It must be encrypted

Explanation:
The CRL must be public so that it can be known which keys and certificates have been revoked.
In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate
revocation list (CRL) is a list of certificates (or more specifically, a list of serial numbers for

certificates) that have been revoked, and therefore, entities presenting those (revoked) certificates
should no longer be trusted.