[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CRLNumber definition and MAX
I'd go so far as adding text to say something like application MUST
handle a path length up to 20, CA MUST NOT generate a path length longer
than 20, and MUST NOT insert a value larger than that in any of those
three values. CRLNumber and CRLNumber would, of course, still be allowed
to up to 20 octets in length.
To be sure: you are saying "20", not "20 octets"? I would agree with 20 or 4711.
A path length of an "long" with 2**31-1 seems more than sufficient to me.
Putting a pathlen=20 or more is in practice the same as leaving out the field.
How long does it take to validate such a path, not even talking about
storing several tera octets of certificates. :-)