TLS and CRL
Anyone know if the latest rev of X.509 certs requires a reachable CRL for the cert to be valid when a browser checks the cert chain? Isn't "validity" based on verifying the cert chain up to some trusted CA?
Is the CRL part of an X.509 cert a requirement?
Does any of this change if it's TLS vs. other types of encryption schemes?
From the X.509 RFC 5280:
The CRL distribution points extension identifies how CRL information
is obtained. The extension SHOULD be non-critical, but this profile
RECOMMENDS support for this extension by CAs and applications.
Last edited by Linux_Kidd; 12-10-2012 at 10:27 AM.