Large CRLs and Slow CRL Servers when Signing PDFs to create the B-LTA Signature Level

Chilkat is working on making it easy to produce B-LTA level signatures.

However, it has come to our attention that some CRLs can be large, and the server handling requests at a CRL distribution point can be very slow. For example, the CRL at http://ca.mup.gov.rs/MUPGradjaniCA4.crl is almost 25MB in size, and the server (ca.mup.gov.rs) is very slow. It takes more than a minute to download the CRL.

This means that every time a B-LTA signature is to be created, it will take more than a minute just to download the CRL from http://ca.mup.gov.rs/MUPGradjaniCA4.crl.

I think governments and CAs hosting CRLs need to be aware of the consequences of poor server performance. It should not be a difficult or costly endeavor to host CRLs with higher performance (and security). One might consider using AWS S3 with CloudFront.

Also, you might notice applications such as Adobe Acrobat hanging or taking a very long time to open/verify signed PDF documents where the signatures have OCSP or CRL dependencies on slow servers.
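The following is an added example, not Chilkat code and not part of the original post. It shows one way for a signing or verification step to avoid hanging on a slow or very large CRL download, by enforcing an overall deadline and a size cap. The names `read_bounded`, `fetch_crl` and `TrickleStream`, and the default limits, are assumptions chosen for illustration.

```python
import time
import urllib.request


class CrlFetchError(Exception):
    """Raised when a CRL download exceeds the size or time budget."""


def read_bounded(stream, max_bytes, deadline_s, clock=time.monotonic, chunk=64 * 1024):
    """Read a CRL body from `stream`, enforcing a total size cap and an
    overall wall-clock deadline. A per-read socket timeout alone does not
    stop a server that keeps trickling a few bytes at a time."""
    start = clock()
    parts, total = [], 0
    while True:
        if clock() - start > deadline_s:
            raise CrlFetchError(f"deadline of {deadline_s}s exceeded after {total} bytes")
        block = stream.read(chunk)
        if not block:
            return b"".join(parts)
        total += len(block)
        if total > max_bytes:
            raise CrlFetchError(f"CRL larger than {max_bytes} bytes")
        parts.append(block)


def fetch_crl(url, max_bytes=64 * 1024 * 1024, deadline_s=30, socket_timeout_s=10):
    """Download a CRL from its distribution point within the given budget."""
    with urllib.request.urlopen(url, timeout=socket_timeout_s) as resp:
        return read_bounded(resp, max_bytes, deadline_s)


class TrickleStream:
    """Constructed stand-in for a slow CRL server: each read() returns at
    most `step` bytes and advances a fake clock by `delay` seconds."""

    def __init__(self, size, step, delay):
        self.remaining, self.step, self.delay, self.now = size, step, delay, 0.0

    def clock(self):
        return self.now

    def read(self, n):
        self.now += self.delay
        take = min(n, self.step, self.remaining)
        self.remaining -= take
        return b"\x00" * take
```

When `CrlFetchError` is raised, the caller can fail the signing step with a clear message instead of blocking indefinitely.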

 
