CRL
Click on the red underlined text to get to the source
... revocation status is
through the use of Certificate Revocation Lists (CRLs). IKEv2 allows
CRLs ...
... payload.
However, CRLs can grow unbounded in size. Many real-world examples
exist to demonstrate the impracticality of including a multi-megabyte
file in an IKE ...
... bandwidth-limited environments (e.g., mobile communications). The
net effect is exclusion of in-band CRLs in favor of out-of-band (OOB)
...
... use of IPsec (and therefore IKE) to
establish secure and authorized access to the CRLs of an IKE
participant. Such network access ...
... Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280prop, April 2002. ...