certificate revocation checking in pkinit in KDC

[Ken Hornstein]

>Is it possible to check if a certificate is revoked against a URL  in MIT KDC?

Currently the answer is 'no' with the MIT implementation.  We have code
here at NRL which does that (I'm assuming you mean checking using OCSP),
and it's pretty straightforward.  It's on my medium term to-do list to
contribute that code to MIT for inclusion their pkinit plugin, but sadly
I've been busy with other things.

--Ken