Re: Cert Revocation
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 20 Feb 2007 17:32:43 +0000 (UTC)
You can check against a local list or a remote list - the location of the remote list can be found in the CDP (CRL distribution point) extension in the cert - this usually points to a .crl file (e.g. via HTTP).
This document has all the details:
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I see that it is possible in CryptoApi to specify flags requesting
that a certificate chain being checked is also checked for revocation.
I have some high level questions about how this works.
Does CryptoApi check a local revocation list? Does it use OCSP (I
don't think so but I'm just throwing the question out here)?
If it uses a local list, how often do windows systems have their lists
updated, if ever?
- Prev by Date: User account pictures on Vista
- Next by Date: how to get folder/files ACL permissions using c++???
- Previous by thread: User account pictures on Vista
- Next by thread: how to get folder/files ACL permissions using c++???