Russ,
> Denis:
>
> AAs do not appear in Figure 1. So, I think the text is okay, since it is
> explaining the figure. AAs may also delegate the issuance of CRLs to a CRL
> issuer.

I don't think so. The danger is that people might take the following as a
definition:

   CRL issuer: an optional system to which a CA delegates the publication of
   certificate revocation lists.

This term is left undefined elsewhere, so this is the *only* definition so
far in the document.

If an AA issues ACs that can be revoked, then I believe that CRL issuers can
be used.

So a more appropriate definition would be:

   CRL issuer: an optional system to which a CA (or an AA) delegates the
   publication of certificate revocation lists.

or

   CRL issuer: an optional system to which a CA (or a PKI Authority) delegates
   the publication of certificate revocation lists.

Denis

> Russ
>
> At 06:47 PM 6/1/2001 +0200, Denis Pinkas wrote:
>
> >Tim,
> >
> >(snip)
> >
> > > 3. In section 3, we introduce the "CRL issuer" in an enhanced version of
> > > the ASCII art model of a PKI (figure 1.)
> >
> >I like the term "CRL Issuer".
> >
> >However, how should we call an entity that issues ACRLs ?
> >
> >Is it a "CRL Issuer" ?
> >
> >If we take the definition under figure 1 which is:
> >
> > CRL issuer: an optional system to which a CA delegates the
> > publication of certificate revocation lists;
> >
> >then we have a problem because ACRLs are not issued by CAs, but by AAs.
> >
> >
> >Denis