[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cRLIssuer vs. distributionPoint

To: <ietf-pkix@xxxxxxx>
Subject: cRLIssuer vs. distributionPoint
From: "Martin Lindström" <martin.lindstrom@xxxxxxxxxxxxx>
Date: Wed, 21 Feb 2001 16:51:23 +0100
Importance: Normal

I have some questions regarding how the distributionPoint and cRLIssuer
fields of the DistributionPoint/CRLDistributionPoint extension
should be interpreted.

True or false? If the distributionPoint field is present, the cRLIssuer
always specifies the issuer name of the CRL that we should try to get.

New-part1 says "If the distributionPointName is absent, cRLIssuer MUST
be present and include a Name corresponding to an X.500 or LDAP directory
entry where the CRL is located".
My understanding of this is that it should point to a location where
the CRL can be fetched, it does not say necessarily specify the CRL
issuer name. If that is correct, why not use the distributionPoint field
for this purpose?

Thanks in advance.

/Martin Lindström

Prev by Date: RE: multiple digitale signatures
Next by Date: Use of TLS for authentication/encryption in wireless( LANS )
Previous by thread: certificate policies extension in RFC2459 and new-part1-04
Next by thread: Use of TLS for authentication/encryption in wireless( LANS )
Index(es):
- Date
- Thread