
Re: OCSP and CSL



Massimiliano Pala wrote:
> 
> Stephen Kent wrote:
> >
> > Massimiliano,
> >
> > Would not a CRL DP that holds only suspended certs achieve the effect
> > you attribute to a CSL?
> >
> > Steve
> 
> Yes, I think this is what we definitely need. What I was wondering is if available
> software can distinguish CSLs from CRLs ... As far as I know, actually Netscape
> does not support CRLs with extensions. Am I wrong ???
> 
> Do you know of some software supporting extensions in CRLs (widely available) ???
> 
> To issue a CRL, you'd need the CA certificate/key, but in an environment where you
> have (for security reasons) a network-less CA how to accomplish this ??? Can you
> sign CRLs with a certificate that is not the CA Cert ???

Since a suspended certificate is as unusable as a revoked one, it makes
no sense to me to permit _any_ differences between the creation of a
suspension and the creation of a revocation. Which means that there's
little point in supporting suspension at all.

Cheers,

Ben.

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm

http://www.apache-ssl.org/ben.html

Y19100 no-prize winner!
http://www.ntk.net/index.cgi?back=2000/now0121.txt