public bool CheckCertificateRevocation { get; set; }
Gets or sets whether or not certificate revocation lists should be downloaded when verifying signatures.
If enabled, the BouncyCastleSecureMimeContext will attempt to automatically download Certificate Revocation Lists (CRLs) from the internet based on the CRL Distribution Point extension on each certificate.
Security Note

Enabling this feature opens the client up to potential privacy risks. An attacker can generate a custom X.509 certificate containing a CRL Distribution Point or OCSP URL pointing to an attacker-controlled server, thereby getting a notification when the user decrypts the message or verifies its digital signature.
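One way to limit that exposure, shown as an added example that is not MimeKit's own code: verify once with revocation checking off, read the CRL Distribution Point URLs from the signer certificate, and turn the setting on only when every URL points at a host you already trust. The `RevocationPolicy` class, its allowlist and the two-pass flow are assumptions, and the BouncyCastle member names (such as `PointType`) follow the C# port and can differ between versions.

```csharp
// Added example, not part of MimeKit. RevocationPolicy and AllowedCrlHosts are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using MimeKit.Cryptography;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.X509;

static class RevocationPolicy
{
    // Constructed allowlist: CRL hosts this deployment is willing to contact.
    static readonly HashSet<string> AllowedCrlHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "crl.example-ca.test" };

    // Returns the URIs listed in the certificate's CRL Distribution Point extension.
    public static List<string> GetCrlUrls(X509Certificate cert)
    {
        var urls = new List<string>();
        Asn1OctetString ext = cert.GetExtensionValue(X509Extensions.CrlDistributionPoints);
        if (ext == null) return urls;
        var cdp = CrlDistPoint.GetInstance(Asn1Object.FromByteArray(ext.GetOctets()));
        foreach (DistributionPoint point in cdp.GetDistributionPoints()) {
            DistributionPointName name = point.DistributionPointName;
            if (name == null || name.PointType != DistributionPointName.FullName) continue;
            foreach (GeneralName gn in GeneralNames.GetInstance(name.Name).GetNames())
                if (gn.TagNo == GeneralName.UniformResourceIdentifier)
                    urls.Add(DerIA5String.GetInstance(gn.Name).GetString());
        }
        return urls;
    }

    // True only if every CRL URL is http(s) and its host is on the allowlist.
    public static bool MayFetchCrls(X509Certificate cert) =>
        GetCrlUrls(cert).All(u => Uri.TryCreate(u, UriKind.Absolute, out Uri uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
            && AllowedCrlHosts.Contains(uri.Host));

    // Vets the signer certificate only; certificates higher in the chain are not inspected.
    public static DigitalSignatureCollection Verify(MultipartSigned signed, BouncyCastleSecureMimeContext ctx)
    {
        ctx.CheckCertificateRevocation = false;   // pass 1: no CRL downloads
        DigitalSignatureCollection sigs = signed.Verify(ctx);
        bool ok = sigs.All(s => s.SignerCertificate is SecureMimeDigitalCertificate c
                                && MayFetchCrls(c.Certificate));
        if (!ok) return sigs;                     // keep the offline result
        ctx.CheckCertificateRevocation = true;    // pass 2: signer's CRL URLs were vetted
        return signed.Verify(ctx);
    }
}
```

A certificate with no CRL Distribution Point extension passes the check because it gives the context nothing to download.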