[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last Call: draft-ietf-pkix-new-part1-06.txt comments

To: "Michael Myers" <myers@xxxxxxxxxxxxx>
Subject: RE: Last Call: draft-ietf-pkix-new-part1-06.txt comments
From: Stephen Kent <kent@xxxxxxx>
Date: Thu, 19 Apr 2001 10:40:37 -0400
Cc: <ietf-pkix@xxxxxxx>
In-reply-to: <>
References: <>

At 9:34 PM -0700 4/18/01, Michael Myers wrote:

Steve,

 -----Original Message-----
 From: Stephen Kent [mailto:kent@xxxxxxx]
 Sent: Wednesday, April 18, 2001 4:18 PM

 . . .
 . . .  Nowhere in X.509 or in previous PKIX
 documents has there ever been text to suggest
 that other than a CA can sign a CRL for a
 public key certificate.


I take it you mean CA as an entity vs. CA as the key the signed the
certificate.

yes.

 Also, in responde to other messages I've just been reading, I want to
 pont out that OCSP responses are not CRLs . . .


But one could (in fact it is being done) use OCSP to functionally replace
CRLs.

yes, one could, but the name for the bit is specific to CRLs, not to any revocation status mechanism that exists or might exist in the future.

Steve

References:
- RE: Last Call: draft-ietf-pkix-new-part1-06.txt comments
  - From: Michael Myers

Prev by Date: Re: Dedicated CRL signing keys
Next by Date: Re: Last Call: draft-ietf-pkix-new-part1-06.txt comments
Previous by thread: RE: Last Call: draft-ietf-pkix-new-part1-06.txt comments
Next by thread: Re: Last Call: draft-ietf-pkix-new-part1-06.txt comments
Index(es):
- Date
- Thread