Comment 2 for bug 1182920

Thierry Carrez (ttx) wrote :

That sounds like a vulnerability, but it seems to derive from the very concept of storing revocation lists on volatile storage... So is it an implementation issue or an architectural issue? (Can we fix it?)

To make sure I got it right... this means that revocation lists are valid only as long as you don't restart storage on both middleware and keystone servers... and this affects PKI tokens with either memcache or KVS backends?