Pushing and pulling CRLs
David Newman
dnewman at NETWORKTEST.COM
Mon Jul 24 17:12:31 EDT 2000
Because I don't have enough pain in my life I've recently started playing
with certificate authorities. :(

One issue that's arisen is how a VPN gateway learns that a CA has revoked a
cert in use by the gateways.

If a VPN gateway only checks with a CA at periodic intervals, and the CA
revokes a cert immediately after the gateway last checked with the CA, does
that mean the revoked user (or process or whatever) is still granted access
until the next check?

A Bad Thing if so. Are there any workarounds for this, such as CAs that push
CRLs to the gateways?

Thanks for any clues on this.

Regards,
David Newman
Network Test
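
The timing gap asked about above, as an added example that is not part of the original post: a constructed toy model comparing a gateway that pulls the CRL on a timer with one the CA pushes to. The `CA` and `Gateway` classes, the serial number and the timings are all hypothetical and stand in for no real product.

```python
from dataclasses import dataclass, field

@dataclass
class CA:
    """Toy CA: records revocation times and notifies push subscribers."""
    revoked: dict = field(default_factory=dict)      # serial -> time revoked
    subscribers: list = field(default_factory=list)  # gateways that receive pushes

    def crl_at(self, now):
        """Serials a CRL issued at time `now` would list."""
        return {s for s, t in self.revoked.items() if t <= now}

    def revoke(self, serial, now):
        self.revoked[serial] = now
        for gw in self.subscribers:          # push model: deliver the new CRL at once
            gw.cached_crl = self.crl_at(now)

@dataclass
class Gateway:
    """Toy VPN gateway that decides using only its locally cached CRL."""
    ca: CA
    poll_interval: int = None                # seconds between pulls; None = never pull
    cached_crl: set = field(default_factory=set)
    last_poll: int = 0                       # assume a pull happened at t=0

    def accepts(self, serial, now):
        # Pull a fresh CRL only when the poll timer has expired.
        if self.poll_interval and now - self.last_poll >= self.poll_interval:
            self.cached_crl = self.ca.crl_at(now)
            self.last_poll = now
        return serial not in self.cached_crl

def exposure_seconds(poll_interval, revoke_at, horizon, push=False, serial=0x1001):
    """Seconds after revocation during which the gateway still accepts the cert."""
    ca = CA()
    gw = Gateway(ca, poll_interval=None if push else poll_interval)
    if push:
        ca.subscribers.append(gw)
    exposed = 0
    for now in range(horizon):               # one connection attempt per second
        if now == revoke_at:
            ca.revoke(serial, now)
        if gw.accepts(serial, now) and now >= revoke_at:
            exposed += 1
    return exposed

if __name__ == "__main__":
    print("pull, revoked just after a poll :", exposure_seconds(3600, 1, 7200))
    print("pull, revoked just before a poll:", exposure_seconds(3600, 3599, 7200))
    print("push on revocation              :", exposure_seconds(3600, 1, 7200, push=True))
```

In the pull model the exposure is bounded by the poll interval and depends on where in the interval the revocation lands; in the push model it is bounded by delivery time, which this sketch treats as instantaneous.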