[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Putting a certificate on hold with CMP (and removing it)

To: ietf-pkix@xxxxxxx, teemu.alakoski@xxxxxxxx
Subject: Re: Putting a certificate on hold with CMP (and removing it)
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Thu, 27 Apr 2006 04:17:10 +1200
In-reply-to: <444F1C9A.7000801@xxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Teemu Alakoski <teemu.alakoski@xxxxxxxx> writes:

>To my understanding, CMP can be used to put a certificate on hold using
>crlEntryDetails field of the RevReqContent structure. This is achieved by
>using a crlEntryDetails that contains a certificateHold CRLReason. Is it,
>however, possible to remove the hold status from a certificate with CMP?

It's not even certain how to do this *without* CMP, there are a pile of
different (mostly incompatible) opinions on how certificate holds are actually
supposed to work in practice.  Once you add CMP to the mix, all bets are off.
If your implementation supports handling of this, the quick answer is to do
whatever the implementation requires.

(Insert additional paragraphs that contain the word "policy" in every other
 sentence).

Peter.

References:
- Putting a certificate on hold with CMP (and removing it)
  - From: Teemu Alakoski

Prev by Date: Delivery (ietf-pkix@xxxxxxx)
Next by Date: Re: order of name attributes in certificates, suggestion for 3280 bis
Previous by thread: Putting a certificate on hold with CMP (and removing it)
Next by thread: Delivery (ietf-pkix@xxxxxxx)
Index(es):
- Date
- Thread