OCSP based on CRL lists only
Hi, do I understand correctly that the OCSP service offered in WinSrv2008R2 only works with a revocation provider based on a CA's CRLs, i.e. it is not directly querying the CA database?
So, for a 3rd party authentication service - RADIUS in this case, there would not be a big difference between utilizing OCSP versus retrieving and possibly cashing CRLs itself, right?
Thanks - Stef
November 4th, 2010 7:51am
> do I understand correctly that the OCSP service offered in WinSrv2008R2 only works with a revocation provider based on a CA's CRLs, i.e. it is not directly querying the CA database?
yes, this is correct.
> So, for a 3rd party authentication service - RADIUS in this case, there would not be a big difference between utilizing OCSP versus retrieving and possibly cashing CRLs itself, right?
again, yes.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2010 8:36am