Good morning everyone,
I have a question regarding PKI and revocation but I cannot find the right forum to post. I saw a forum dedicated to security. However, I cannot see it as an available choice when I ask a question. Do you have any idea please ?
Meanwhile, I am setting up a PKI and I want to get the quickest revocation publication.If one of our laptops get stolen, for example, I want the firewall to get the revocation information as fast as possible to block any vpn attempt.
#1 : I was initially going with CRL but the update delay can be quite long. Is configuring overlapping a viable way to force newer CRL download ?
#2 : I thought OCSP could directly query the revocation database on the CA, but it seems it only queries CRL. Is it correct or am I missing something ?
Basically, I would like to know how you do to get the revocation information published as fast as possible.
Thank you for your time !
