Hello
I hope this is the correct forum to ask my question. I was reading up on the X509 v3 Standard and Cryptography in general when I came across a statement which said that SSL (e.g. the SSL handshake and subsequent secure channel setup) does not bother to check the CRL for a given certificate. Is this correct?
In other words, a CDP may be published in the certificate, but the SSL protocol does not retrieve/check the CRL located at the CDP to check if the certificate in question has been revoked or not. This is not a Microsoft-specific question (rather a protocol question, e.g. behaviour of the SSL protocol). I read this information from a respected source (although the document was a little dated).
If this is the case (and perhaps this is a question for a PKI/SSL type forum), then you can browse to a web site with a valid (NotAfter is still within date) certificate (which has been revoked by the CA) but be completely unaware of this and still set up a secure channel with the web site and perform transactions.
Can someone please enlighten me on this?
Thanks
AAnotherUser__