Darren J Moffat wrote: >> >> So the tools are responsible for making this check themselves, using >> OCSP, right? That makes sense -- end users don't have to take any >> specific action to get the CRL checking. > > In general they may use OCSP but not on the CA certs files only on the > SSL server certs they receive as part of the SSL protocol. > > The hole point of the CA certs is "the buck stops here".
Ok, thanks again for the clarifications.
- Garrett
