1

In this page on Microsoft's ADFS trust policy, it states:

most revocation checks exclude checking the root certificate

What is the reason for this? Why wouldn't you want to check the whole certificate chain including the root certificate?

Cocowalla
  • 169
  • 8
  • 2
    Possible duplicate of Can a RootCA be revoked?, How is a root certificate revoked?. – Steffen Ullrich Aug 11 '17 at 13:58
  • 1
    My question is plainly not the same as those questions. I didn't realise root certs couldn't be revoked, so those questions are more like answers to my question! – Cocowalla Aug 11 '17 at 14:17
  • These might not be exactly the same question but these obviously answer your question. And that's the point, i.e. no need to add more answers since it is already answered in other questions. – Steffen Ullrich Aug 11 '17 at 14:34
  • 1
    But it's a different question - I didn't find an answer to it, so I asked it. I would never have found those questions as an answer to my question, because they are asking something different. And that's the point, i.e. reasonable to add a new question to help others in the future – Cocowalla Aug 11 '17 at 14:53
  • 2
    I see no problem. Even if the question is closed as duplicate it will not be deleted, i.e. it will remain here, ready to be found and anybody interested can look at the referenced question for answers to this one. – Steffen Ullrich Aug 11 '17 at 15:52
  • sigh the problem is quite simply that it's very clearly not a duplicate question. It's seldom a pleasurable experience using SE sites these days :'( – Cocowalla Aug 11 '17 at 16:38

0 Answers0