220.127.116.11 Status Checking
In general, before trusting a partys certificate for an important transaction, you should check to make sure that it is still valid, and has not been revoked. This is called checking its status. If the certificate does not come back as valid, proceed with the transaction at your own risk.
The process, and the potential consequences for not doing it, is similar to the common practice of a merchant authorizing your credit card before accepting it as payment.
Normally status checking would be performed by referring to information from the certificates issuing CA, which may be in the form of a published CRL, or perhaps in the form of an OCSP site. Additionally, as pointed out in a Microsoft paper on certificate status checking in closed PKI environments407 (rather than public environments with external CAs), other protocols can be used to perform similar validity checks, depending on how the CA wishes to set it up. Be aware that many email clients are notoriously bad at checking for revoked certificates, so when sending or receiving signed email, you may wish to check certificate validity independently.
A certificate status check may tell you the certificate status (valid, suspended, revoked, and expired) as well as list a reason code explaining the current status (such as requested by user, compromise suspected, etc.)
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.