[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: (U) Flushing the CRL cache
From:       Joe Steele <steele () ADOBE ! COM>
Date:       2003-01-09 18:13:27
[Download RAW message or body]

OCSP has a lot of advantages, but unless you are installing a new
security subsystem on an end-user system, you cannot rely on it being
available. CRL checking is built into the OS (at least the ones I have
to deal with). Given that constraint, you want the CRLs you check
against to be as up-to-date as is reasonable.

> -----Original Message-----
> From: Microsoft Cryptographic API
> [mailto:CryptoAPI@DISCUSS.MICROSOFT.COM] On Behalf Of Wang ZhiYe
> Sent: Tuesday, January 07, 2003 8:31 PM
> To: CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: Re: (U) Flushing the CRL cache

<snip>
> I think it's beyond the function of the CRL if it's as what
> Loyless said. If you want to get the new revocations in
> time,you can use LDAP or OCSP,that's the right method for
> getting certificate status.
</snip>

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]