Sorry guys, I've just found the answer..
"there is a difference between the crl optionalcommand and the revocation-check none command. The crl optionalcommand will perform revocation checks against any applicable in-memory CRL. If a CRL is not available, a CRL will not be downloaded and the certificate is treated as valid" So if asked not to configure certificate validation.. we use the 'none' keyword, is that right? ________________________________ De: Carlos Jardim <[email protected]> Para: CCIE Security Maillist <[email protected]> Enviadas: Quinta-feira, 4 de Novembro de 2010 19:53:08 Assunto: [OSL | CCIE_Security] 'none' vs. 'crl' keywords (revocation-check) All, We know that both keywords will always treat the certificate as valid. But is there any difference in terms of processing actually? What if we are told not to perform any validation, should we leave the default command (revocation-check crl) or change it to revocation-check none? ..a bit curious Regards; Carlos
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
