
RE: delta-CRLs (was Re: LastCall:draft-ietf-pkix-new-part1-06.txt comments)



Dave,

Recognizing broader enterprise issues, somewhere there's nonetheless a middle
ground where the mandatory practice of a full CRL complements the optional
practice of issuing deltas.  The period of the former MAY, perhaps SHOULD,
be longer than the latter in the presence of the delta practice.  Your
thoughts?

Mike



> -----Original Message-----
> From: David Cross [mailto:dcross@xxxxxxxxxxxxx]
> Sent: Sunday, April 22, 2001 5:58 PM
> To: Paul Hoffman / IMC; ietf-pkix@xxxxxxx
> Subject: RE: delta-CRLs (was Re:
> LastCall:draft-ietf-pkix-new-part1-06.txt comments)
>
>
> It may not be a burden to a CA, but it very well likely may be a burden
> for the underlying replication and distribution architecture to push a
> full CRL every time a delta-CRL is issued.  It is the bigger picture of
> the issue outside of the CA and PKI aspects.
>
>
> David B. Cross
>
>
>
>
> -----Original Message-----
> From: Paul Hoffman / IMC [mailto:phoffman@xxxxxxx]
> Sent: Sunday, April 22, 2001 7:06 AM
> To: ietf-pkix@xxxxxxx
> Subject: RE: delta-CRLs (was Re:
> LastCall:draft-ietf-pkix-new-part1-06.txt comments)
>
>
> At 6:03 PM -0700 4/21/01, Ambarish Malpani wrote:
> >Russ, the problem with this is that CAs might be unwilling to issue
> >delta-CRLs because issuing a full CRL every time is too burdensome.
>
> Could you describe how it is "too burdensome"? Maybe I'm being naive,
> not being a CA, but asking a CA to sign a second document (the full
> CRL) at the time that it signs the first document (the delta-CRL)
> really doesn't seem that onerous.
>
> I think the current requirement is fine.
>
> --Paul Hoffman, Director
> --Internet Mail Consortium
>