[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: delta-CRLs (was Re: LastCall:draft-ietf-pkix-new-part1-06.txt comments)
- To: "Paul Hoffman / IMC" <phoffman@xxxxxxx>, <ietf-pkix@xxxxxxx>
- Subject: RE: delta-CRLs (was Re: LastCall:draft-ietf-pkix-new-part1-06.txt comments)
- From: "David Cross" <dcross@xxxxxxxxxxxxx>
- Date: Sun, 22 Apr 2001 17:57:51 -0700
- Thread-index: AcDLjnhPZVtrDFXoQZyGbX+yOEWT3AAAbJFQ
- Thread-topic: delta-CRLs (was Re: LastCall:draft-ietf-pkix-new-part1-06.txt comments)
It may not be a burden to a CA, but it very well likely may be burden
for the underlying replication and distribution architecture to push a
full CRL every time a delta-CRL is issued. It is the bigger picture of
the issue outside of the CA and PKI aspects.
David B. Cross
-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman@xxxxxxx]
Sent: Sunday, April 22, 2001 7:06 AM
To: ietf-pkix@xxxxxxx
Subject: RE: delta-CRLs (was Re:
LastCall:draft-ietf-pkix-new-part1-06.txt comments)
At 6:03 PM -0700 4/21/01, Ambarish Malpani wrote:
>Russ, the problem with this is that CAs might be unwilling to issue
>delta-CRLs because issuing a full CRL every time is too burdensome.
Could you describe how it is "too burdensome"? Maybe I'm being naive,
not being a CA, but asking a CA to sign a second document (the full
CRL) at the time that it signs the first document (the delta-CRL)
really doesn't seem that onerous.
I think the current requirement is fine.
--Paul Hoffman, Director
--Internet Mail Consortium