AWS privateca documentation change
Summary
Added CRL capacity information and certificate spelling corrections
Security assessment
Change clarifies CRL operational limits without addressing security vulnerabilities or adding security features
Diff
diff --git a/privateca/latest/userguide/crl-planning.md b/privateca/latest/userguide/crl-planning.md index 227fb1740..d1bce4bf3 100644 --- a/privateca/latest/userguide/crl-planning.md +++ b/privateca/latest/userguide/crl-planning.md @@ -30 +30 @@ For information about using Online Certificate Status Protocol (OCSP) as an alte - * **Complete** \- The default setting. AWS Private CA maintains a single, unpartitioned CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through its CRL distribution point (CDP) extension, defined in [ RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9). + * **Complete** \- The default setting. AWS Private CA maintains a single, unpartitioned CRL file for all unexpired certificates issued by a CA that have been revoked. Each certificate that AWS Private CA issues is bound to a specific CRL through its CRL distribution point (CDP) extension, as defined in [ RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9). You can have up to 1 million private certificates for each CA with complete CRL enabled. For more information, see the [AWS Private CA quotas](https://docs.aws.amazon.com/https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca).