Hi all,
Is there a way for a CA to specify its own (not its issuer's) CRL
distribution point in its certificate?
I am asking this because the only way I found so far is by using
the Subject Information Access with id-ad-caRepository as accessMethod.
The problem is that its definition is too broad, therefore the URI I
can put in there could address a CRL or Certs repository or other
services.
From the RFC-3280 (pp 47):
<< The id-ad-caRepository OID is used when the subject is a CA, and
publishes its certificates and CRLs (if issued) in a repository. The
accessLocation field is defined as a GeneralName, which can take
several forms. >>
While the accessLocation is quite simple to deal with, we should have
different accessMethod ids at least for CRLs and Certificates repositories.
In other words, is there a method to access the CRLs of a CA from the CA's
certificate only?
Am I missing something here?
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] massimiliano.pala@xxxxxxxxx
Tel.: +39 (0)11 564 7081
http://security.polito.it Fax: +39 178 270 2077
Mobile: +39 (0)347 7222 365
Politecnico di Torino (EuroPKI)
Certification Authority Informations:
Authority Access Point http://ca.polito.it
Authority's Certificate: http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List: http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
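
What a relying party can recover from such an extension, as an added example that is not part of the original message: a small DER decoder for the SubjectInfoAccess value, run over a constructed sample carrying two id-ad-caRepository entries. The host ca.example and both URIs are constructed, and only single-byte tags are handled.

```python
# Added example: decode a SubjectInfoAccess extension value (RFC 3280, 4.2.2.2).
ID_AD_CA_REPOSITORY = "1.3.6.1.5.5.7.48.5"
URI_TAG = 0x86  # GeneralName uniformResourceIdentifier, [6] IMPLICIT IA5String

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets into dotted-decimal form."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def parse_sia(der):
    """Return [(accessMethod OID, URI or None)], one per AccessDescription."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectInfoAccessSyntax must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)
        t1, oid, nxt = read_tlv(desc, 0)   # accessMethod
        t2, loc, _ = read_tlv(desc, nxt)   # accessLocation
        if tag != 0x30 or t1 != 0x06:
            raise ValueError("malformed AccessDescription")
        out.append((decode_oid(oid), loc.decode("ascii") if t2 == URI_TAG else None))
    return out

def tlv(tag, body):  # encoder for the constructed sample (short-form lengths only)
    return bytes([tag, len(body)]) + body

# Constructed sample: one CA advertising two different kinds of repository.
CA_REPO_OID = bytes.fromhex("2b06010505073005")
SAMPLE_URIS = [b"http://ca.example/crl/ca.crl", b"ldap://ca.example/ou=certs"]
SAMPLE_SIA = tlv(0x30, b"".join(
    tlv(0x30, tlv(0x06, CA_REPO_OID) + tlv(URI_TAG, u)) for u in SAMPLE_URIS))
```

Both decoded entries carry the same accessMethod, so a client has only the URI itself to tell the CRL location from the certificate store.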