
RE: cA flag and CRL issuers (was Re: Last Call: draft-ietf-pkix-new-part1-06.txt comments)



Denis said:

"In an open architecture where clients do not know where to fetch the
revocation information unless using "out-of-bands" means, if a CA wants to
revoke the authorities in charge of revocation status information (i.e. CRL
Issuers or OCSP responders) there is no other way than using directly the
issuing CA key."

[Carlin]: I agree.  But now that the CRL Issuer's or OCSP responder's
certificate has been revoked, what do the Relying Parties do?  It seems
that they should now look for a CRL issued by the CA, but I haven't found
any document that mandates this behavior on the part of the Relying Parties.