Two questions on delta-CRL
In section 5.2.4 (Delta CRL Indicator), RFC 2459 states:
The delta CRL indicator is a critical CRL extension that identifies a
delta-CRL. The use of delta-CRLs can significantly improve
processing time for applications which store revocation information
in a format other than the CRL structure. This allows changes to be
added to the local database while ignoring unchanged information that
is already in the local database.
When a delta-CRL is issued, the CAs MUST also issue a complete CRL.
(...) Again, a delta-CRL MUST NOT be issued without a corresponding
complete CRL.
The two questions are the following:
1) What is the rationale for mandating the issuance of a complete CRL each
time a delta-CRL is issued?
2) Under which conditions could this requirement be relaxed?
Denis
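
The local-database update described in the quoted RFC text, as an added example that is not part of the original message: a relying party merges a delta-CRL into its store only when it already holds state at least as recent as the delta's BaseCRLNumber, and otherwise has to fetch a complete CRL. The `Crl` and `RevocationStore` names and the pre-parsed data model are hypothetical; ASN.1 decoding and signature validation are assumed to have happened already.

```python
from dataclasses import dataclass, field

REMOVE_FROM_CRL = 8  # CRLReason removeFromCRL, used only in delta-CRLs


@dataclass
class Crl:
    """Constructed, already-parsed CRL model (hypothetical, not a real API)."""
    crl_number: int
    entries: dict                 # serial number -> CRLReason code
    base_crl_number: int = None   # set only when Delta CRL Indicator is present

    @property
    def is_delta(self):
        return self.base_crl_number is not None


@dataclass
class RevocationStore:
    """Local database of revoked serials kept outside the CRL structure."""
    crl_number: int = None
    revoked: dict = field(default_factory=dict)

    def load(self, crl):
        """Apply a CRL; return False when a complete CRL is needed first."""
        if not crl.is_delta:
            # Complete CRL: replace the whole local state.
            self.revoked = dict(crl.entries)
            self.crl_number = crl.crl_number
            return True
        # A delta lists only changes since its base. Without local state at
        # least as recent as that base, the merge would miss revocations.
        if self.crl_number is None or self.crl_number < crl.base_crl_number:
            return False
        if crl.crl_number <= self.crl_number:
            return True  # store is already at or past this delta
        for serial, reason in crl.entries.items():
            if reason == REMOVE_FROM_CRL:
                self.revoked.pop(serial, None)   # e.g. hold released
            else:
                self.revoked[serial] = reason
        self.crl_number = crl.crl_number
        return True
```

A `False` return is the case where the relying party cannot use the delta at all and depends on a complete CRL being available.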