Hacker News

xorcist today at 11:34 AM

PKI works offline until you realize you need to handle revocations.

For this and related reasons, such as enforcing protocol upgrades, most smartcard systems end up permanently online.


Replies

VorpalWay today at 11:38 AM

You can have a mixed system, such that revocation lists are downloaded and cached every hour or so, and you can even try to check online more often than that, but fall back to the downloaded lists if the system is down.
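
The mixed scheme described in the reply above, as an added example that is not part of the thread: ask the online service first, and fall back to a periodically downloaded list when it is unreachable. The class name, the callbacks, the serial strings and the `max_age` cutoff that refuses a cache that has gone too stale are assumptions of this sketch.

```python
import time

class RevocationChecker:
    """Ask the online service first; fall back to a periodically cached list."""

    def __init__(self, online_check, fetch_list, refresh_every=3600,
                 max_age=86400, clock=time.time):
        self.online_check = online_check  # serial -> bool, raises OSError if down
        self.fetch_list = fetch_list      # () -> revoked serials, raises OSError if down
        self.refresh_every = refresh_every
        self.max_age = max_age            # assumption: older caches are not trusted
        self.clock = clock
        self.cached, self.fetched_at = frozenset(), None

    def refresh(self):
        """Re-download the list when due; keep the old copy if the fetch fails."""
        now = self.clock()
        if self.fetched_at is not None and now - self.fetched_at < self.refresh_every:
            return False
        try:
            self.cached, self.fetched_at = frozenset(self.fetch_list()), now
        except OSError:
            return False
        return True

    def is_revoked(self, serial):
        """Return (revoked, source); raise if neither source is usable."""
        try:
            return self.online_check(serial), "online"
        except OSError:
            pass
        if self.fetched_at is None or self.clock() - self.fetched_at > self.max_age:
            raise RuntimeError("no usable revocation data, refusing to decide")
        return serial in self.cached, "cache"

def demo():
    """Constructed scenario: the service goes down after one successful download."""
    srv = {"up": True, "now": 0, "revoked": {"card-1001"}}
    def guard(value):
        if not srv["up"]:
            raise OSError("revocation service unreachable")
        return value
    rc = RevocationChecker(lambda s: guard(s in srv["revoked"]),
                           lambda: guard(set(srv["revoked"])),
                           clock=lambda: srv["now"])
    rc.refresh()
    srv.update(up=False, now=1800)
    srv["revoked"].add("card-1002")  # revoked after the last download
    # The cached list cannot see card-1002 until the next successful refresh.
    return [rc.is_revoked("card-1001"), rc.is_revoked("card-1002")]
```

The second result in `demo()` shows the exposure window of the fallback path: a credential revoked after the last download still passes until the list is refreshed.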