reply to AVD
Re: Adobe's code signing certificate has been stolen
said by AVD:I'm sorry if I was unclear but I did mean default behavior. I remember seeing a site that had a nice overview showing which software did not implement CRL checking at all and which software supported CRL checking but had it disabled by default (I'm not sure if there was any that had CRL checking enabled by default).
that may be the default
Of course, I can't find it now
Another issue related to CRLs (not applicable to the current topic) is whether only the presented certificate is being checked or whether all the certificates in the signing chain are checked for revocation as well (should you still trust a certificate if the intermediate or root CA certificate was revoked ?).
Got some spare cpu cycles ? Join Team Helix or Team Starfire!