What appears to be going on with crl.microsoft.com is that Windows is checking to see if the Authenticode signature for the program you're running has been revoked. As a side effect, Microsoft also gets information on exactly what programs are being launched.
By all means mask out CRL at the domain level but be aware that the same server also manages SSL certificate revocations for Internet Exploiter and missing an SSL revocation could be very bad news for people who need to do secure transactions (banking, purchases, etc) online.
|
