
Re: draft delta crl text (CRL issuer)



Russ,
 
> Denis:
> 
> AAs do not appear in Figure 1.  So, I think the text is okay, since it is
> explaining the figure.  AAs may also delegate the issuance of CRLs to a CRL
> issuer.

I don't think so. The danger is that people might take the following as a
definition:

CRL issuer:  an optional system to which a CA delegates the publication of
certificate revocation lists.

This term is left undefined elsewhere, so this is the *only* definition so
far in the document.

If an AA issues ACs that can be revoked, then I believe that CRL issuers can
be used.

So a more appropriate definition would be: 

CRL issuer: an optional system to which a CA (or an AA) delegates the
publication of certificate revocation lists.

or

CRL issuer: an optional system to which a CA (or a PKI Authority) delegates
the publication of certificate revocation lists.

Denis

 
> Russ
> 
> At 06:47 PM 6/1/2001 +0200, Denis Pinkas wrote:
> 
> >Tim,
> >
> >(snip)
> >
> > > 3.  In section 3, we introduce the "CRL issuer" in an enhanced version of
> > > the ASCII art model of a PKI (figure 1.)
> >
> >I like the term "CRL Issuer".
> >
> >However, how should we call an entity that issues ACRLs ?
> >
> >Is it a "CRL Issuer" ?
> >
> >If we take the definition under figure 1 which is:
> >
> >    CRL issuer:  an optional system to which a CA delegates the
> >                 publication of certificate revocation lists;
> >
> >then we have a problem because ACRLs are not issued by CAs, but by AAs.
> >
> >
> >Denis