
RE: delta-CRLs (was Re: Last Call:draft-ietf-pkix-new-part1-06.txt comments)




Carlin:

I did not reply to your earlier e-mail.  But, I think a delta is always to a base issued by the same authority.  Thus, delta being an indirect means that the same authority that is issuing the delta had issued a base CRL that happens to be an indirect CRL.  Thus, delta is also an indirect and hence may contain critical crlEntry extension of issuerDN.

-----Original Message-----
From: Carlin Covey [mailto:ccovey@xxxxxxxxxx]
Sent: Monday, April 23, 2001 1:28 PM
To: Russ Housley; ietf-pkix@xxxxxxx
Subject: RE: delta-CRLs (was Re: Last Call:draft-ietf-pkix-new-part1-06.txt comments)


Russ,

Two obvious candidates for alternative text are (1)
substituting MAY for MUST and (2) substituting SHOULD
for MUST in the sentence:

"A dCRL may also be an indirect CRL in that it may
contain updated revocation information related to
base CRLs issued by one or more than one authorities."

I think that these alternative wordings have been
either stated or implied by various persons in the
course of this discussion.

Were you asking for some alternative text to go
into the security considerations section?

Regards,

Carlin

____________________________

-  Carlin Covey
   Cylink Corporation



-----Original Message-----
From: Russ Housley [mailto:rhousley@xxxxxxxxxxxxxxx]
Sent: Monday, April 23, 2001 7:27 AM
To: ietf-pkix@xxxxxxx
Subject: RE: delta-CRLs (was Re: Last Call:draft-ietf-pkix-new-part1-06.txt comments)


All:

Trevor, Ambarish, Denis, David, and others have proposed the removal of the
requirement that CAs post a full CRL whenever a delta-CRL is
posted.  Trevor's suggestion that the consequences of a CA posting a
delta-CRL without posting a full CRL could be discussed in a single
paragraph in the Security Considerations section.

Paul and Mike have suggested that the current text is fine.

A few people have contributed to the thread but not made their own position
clear.  Perhaps they are only academically interested.  Or, perhaps the
dialogue is helping them reach their own conclusion.  I do not
know.  Regardless, most people have been silent on this issue.

I would like one of the proponents for removing the requirement to suggest
alternative text, and I would like to hear from more people about the
proposed revision.

We are in Working Group Last Call.  I would like to reach consensus on this
issue, make the necessary change (if any), and get the document to the
IESG.  Many other working groups are waiting for our document.

Russ