RE: delta-CRLs (was Re: Last Call:draft-ietf-pkix-new-part1-06.txt comments)
- To: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
- Subject: RE: delta-CRLs (was Re: Last Call:draft-ietf-pkix-new-part1-06.txt comments)
- From: "David Cross" <dcross@xxxxxxxxxxxxx>
- Date: Sat, 21 Apr 2001 16:07:07 -0700
Understood - however, you may be penalizing the CA and the supporting
infrastructure to replicate a full base CRL versus a smaller delta-CRL
only. That is why so many people would like it to be a MAY.
David B. Cross
> >In the third paragraph the first sentence (still) says:
> >
> > > When a conforming CA issues a delta CRL, the CA MUST also issue
> > > a CRL
Originally, this sentence was placed in RFC 2459 to ensure that simple
clients are able to get the best possible revocation information. We did
not want to require CAs or clients to support delta-CRLs, but if a CA chose
to support delta-CRLs, we did not want to penalize clients.
I do not see that either of these desires has changed.
Russ