From Microsoft Windows 2008 Server Domain Name System Security Technical Implementation Guide
Part of SRG-APP-000401-DNS-000051
Associated with: CCI-001991
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
Consult with the SA to determine if there is a third-party CRL server being used for certificate revocation lookup. If there is, verify if a documented procedure is in place to store a copy of the CRL locally (local to the site, as an alternative to querying the actual Certificate Authorities). An example would be an OCSP responder installed at the local site. If there is no local cache of revocation data, this is a finding.
Configure local revocation data to be used in the event access to Certificate Authorities is hindered.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer