encryption - Standard approaches on security deployments
I have the following question:
In security deployments, what is the standard practice if revocation checks are made on certificates and, for some reason, at a specific moment it is not possible to determine the status of the target certificate?
E.g. because the network is down or OCSP is down etc. (any reason that does not give a conclusive indication of the status of the certificate).
At first, I thought the certificate should be considered rejected (and, for example, drop the session).
On the other hand though, if a valid user is denied access to resources due to unrelated issues (such as network problems), not at all.
I am not sure what should happen here. Does it depend on the security environment, or is there a standard approach to handle this?
Any input is highly welcome.
Some systems cache revocation lists and/or revocation verification results for a fixed or configurable duration. Some request a user decision. Some do both (i.e.: request a user decision if the cached result indicates the certificate is not yet revoked).
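The three options in the answer above (cache results for a configurable duration, ask the user, or both) combined into one decision function, as an added example that is not part of the original post. `RevocationPolicy`, `fetch_status`, the serial `01AB` and the fail-closed default are assumptions made for illustration; `fetch_status` stands in for the real OCSP/CRL lookup.

```python
import time
from enum import Enum

Status = Enum("Status", "GOOD REVOKED UNKNOWN")    # UNKNOWN: no conclusive answer
Decision = Enum("Decision", "ACCEPT REJECT ASK_USER")

class RevocationPolicy:
    """Decide what to do with a certificate when the live check may fail.

    fetch_status is a hypothetical callable (serial -> Status) wrapping the
    real OCSP/CRL lookup; it returns Status.UNKNOWN on timeout or outage.
    """

    def __init__(self, fetch_status, max_cache_age, on_unknown=Decision.REJECT,
                 ask_user_on_cached_good=False, clock=time.time):
        self.fetch_status = fetch_status
        self.max_cache_age = max_cache_age          # seconds, configurable
        self.on_unknown = on_unknown                # REJECT = fail closed
        self.ask_user_on_cached_good = ask_user_on_cached_good
        self.clock = clock
        self._cache = {}                            # serial -> (Status, checked_at)

    def decide(self, serial):
        now = self.clock()
        status = self.fetch_status(serial)
        if status is not Status.UNKNOWN:            # conclusive live answer
            self._cache[serial] = (status, now)
            return Decision.ACCEPT if status is Status.GOOD else Decision.REJECT
        cached_status, checked_at = self._cache.get(serial, (Status.UNKNOWN, 0.0))
        if cached_status is Status.REVOKED:         # an outage never un-revokes
            return Decision.REJECT
        if cached_status is Status.GOOD and now - checked_at <= self.max_cache_age:
            return (Decision.ASK_USER if self.ask_user_on_cached_good
                    else Decision.ACCEPT)
        return self.on_unknown                      # nothing usable in the cache

def demo():
    """Constructed scenario: responder answers once, then goes down."""
    answers = iter([Status.GOOD, Status.UNKNOWN, Status.UNKNOWN])
    now = [0.0]                                     # fake clock, seconds
    policy = RevocationPolicy(lambda serial: next(answers), max_cache_age=3600,
                              clock=lambda: now[0])
    results = [policy.decide("01AB")]               # live answer: GOOD
    now[0] = 1800
    results.append(policy.decide("01AB"))           # outage, cache still fresh
    now[0] = 7200
    results.append(policy.decide("01AB"))           # outage, cache expired
    return results

if __name__ == "__main__":
    print([d.name for d in demo()])
```

Setting `on_unknown=Decision.ASK_USER` or `ask_user_on_cached_good=True` switches the same function to the user-decision variants the answer mentions.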