...
What is/are the CRL distribution points that must be used by OpenNCP? Options:
- All CRLs published by all CAs on European TSL lists (question related to this option: performance issues/too many CRL addresses, where to get the list?).
- The CRL address given in the certificate (question related to this option: why OpenNCP should trust this address, if the intention is to validate this very certificate?).
- Some predefined CRL addresses (question related to this option: how to define a trustworthy way of sharing this list?)
- Other option.
How are CRL checks implemented in FET solution?
...