Pushing and pulling CRLs

David Newman dnewman at NETWORKTEST.COM
Mon Jul 24 17:12:31 EDT 2000


Because I don't have enough pain in my life I've recently started playing
with certificate authorities. :(

One issue that's arisen is how a VPN gateway learns that a CA has revoked a
cert in use by the gateways.

If a VPN gateway only checks with a CA at periodic intervals, and the CA
revokes a cert immediately after the gateway last checked with the CA, does
that mean the revoked user (or process or whatever) is still granted access
until the next check?

A Bad Thing if so. Are there any workarounds for this, such as CAs that push
CRLs to the gateways?

Thanks for any clues on this.

Regards,
David Newman
Network Test
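
The timing gap asked about in the message above, as an added simulation that is not part of the original post. The names `CA`, `Gateway` and `exposure_seconds`, the serial number and the timeline are all constructed for illustration, and the push path models a hypothetical CA that delivers a fresh CRL to subscribed gateways at the moment of revocation.

```python
# Added illustration: constructed timeline, hypothetical class and function names.
from dataclasses import dataclass, field

@dataclass
class CA:
    revoked: dict = field(default_factory=dict)      # serial -> revocation time (s)
    subscribers: list = field(default_factory=list)  # gateways that accept pushed CRLs

    def crl_at(self, now):
        """Serials revoked at or before `now`, i.e. the CRL as issued at `now`."""
        return {s for s, t in self.revoked.items() if t <= now}

    def revoke(self, serial, now):
        self.revoked[serial] = now
        for gw in self.subscribers:  # push model: deliver the new CRL immediately
            gw.install_crl(self.crl_at(now), now)

@dataclass
class Gateway:
    ca: CA
    poll_interval: int  # seconds between CRL fetches (pull model)
    crl: set = field(default_factory=set)
    last_fetch: int = 0

    def install_crl(self, crl, now):
        self.crl, self.last_fetch = set(crl), now

    def tick(self, now):
        # Pull model: fetch a new CRL only once the cached copy is a full interval old.
        if now - self.last_fetch >= self.poll_interval:
            self.install_crl(self.ca.crl_at(now), now)

    def accepts(self, serial):
        return serial not in self.crl

def exposure_seconds(poll_interval, revoke_at, push, horizon=14400, step=60):
    """Seconds after revocation during which the gateway still accepts the cert."""
    ca = CA()
    gw = Gateway(ca, poll_interval)
    if push:
        ca.subscribers.append(gw)
    exposed = 0
    for now in range(0, horizon, step):
        gw.tick(now)                # the gateway checks first ...
        if now == revoke_at:
            ca.revoke("0x2A", now)  # ... then the CA revokes (constructed serial)
        if now >= revoke_at and gw.accepts("0x2A"):
            exposed += step
    return exposed
```

With an hourly pull, a revocation issued just after a fetch leaves the certificate accepted for up to the full interval; the worst case is bounded by `poll_interval`, not by how quickly the CA acts.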

VPN is sponsored by SecurityFocus.COM