Most likely. It is always hard to give a definitive answer when you give hypothetical questions :). But I would say most likely.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Carlos Jardim Sent: Thursday, November 04, 2010 5:20 AM To: CCIE Security Maillist Subject: [OSL | CCIE_Security] Res: 'none' vs. 'crl' keywords (revocation-check) Sorry guys, I've just found the answer.. "there is a difference between the crl optional command and the revocation-check none command. The crl optional command will perform revocation checks against any applicable in-memory CRL. If a CRL is not available, a CRL will not be downloaded and the certificate is treated as valid" So if asked not to configure certificate validation.. we use the 'none' keyword, is that right? _____ De: Carlos Jardim <[email protected]> Para: CCIE Security Maillist <[email protected]> Enviadas: Quinta-feira, 4 de Novembro de 2010 19:53:08 Assunto: [OSL | CCIE_Security] 'none' vs. 'crl' keywords (revocation-check) All, We know that both keywords will always treat the certificate as valid. But is there any difference in terms of processing actually? What if we are told not to perform any validation, should we leave the default command (revocation-check crl) or change it to revocation-check none? ..a bit curious Regards; Carlos
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
