
RE: delta CRLs - NR assumptions



I concur, James - there is no requirement and there should be no requirement that everyone receive the same results.  Just as emergency CRLs should be allowed by a CA that deems it necessary under a given circumstance.
 
 
David B. Cross

 

 -----Original Message-----
From: Manger, James H [mailto:James.H.Manger@xxxxxxxxxxxxxxxx]
Sent: Thursday, June 14, 2001 8:33 PM
To: 'ietf-pkix@xxxxxxx'
Subject: RE: delta CRLs - NR assumptions

> [Denis] "What about when they are two different sets of evidence from the same relying party which are both valid (according to the way to use CRLs) but are contradictory?"
[James] No problem.  The relying party chooses whichever set they want.  [The subscriber may know a different set of evidence was available, but how can they know that the relying party had it?  They cannot.]
> [Denis] "I see a problem here. If you use delta-CRLs, full CRL only or OCSP (from the same CA) you do not necessarily get the same result. For a given signature policy, allowing only one means to obtain the revocation status would allow to make sure that everybody gets the same information."
[James] There is no requirement that everyone gets the same result.  NR is a statement by a subscriber such as "I agree to X if you can produce evidence that matches rules Y".  *Any* evidence matching the rules is sufficient, regardless of any other sets of evidence.
> [Denis] "In other words, it will be necessary to wait to make sure that a report of key compromise can be done."
[James] Yes, for many applications.
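
The divergence discussed in this thread (a full CRL alone and a full CRL plus a delta CRL giving different answers at the same moment, each valid under its own method), modelled as an added example that is not code from any poster in the thread. The integer clock, the serial numbers and the simplified rule that a delta is usable only with the exact base it names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CRL:
    this_update: int                        # issue time on a constructed integer clock (hours)
    next_update: int                        # time by which a newer CRL is promised
    revoked: frozenset                      # serial numbers listed in this CRL
    base_this_update: Optional[int] = None  # set only on a delta CRL: the base it extends


def is_current(crl: CRL, now: int) -> bool:
    # A CRL counts as usable evidence between its issue time and its next-update time.
    return crl.this_update <= now < crl.next_update


def status_full_only(serial: int, full: CRL, now: int) -> str:
    if not is_current(full, now):
        return "unknown"
    return "revoked" if serial in full.revoked else "good"


def status_full_plus_delta(serial: int, full: CRL, delta: CRL, now: int) -> str:
    # Both CRLs must be current, and the delta must extend this base (simplified assumption).
    if not (is_current(full, now) and is_current(delta, now)):
        return "unknown"
    if delta.base_this_update != full.this_update:
        return "unknown"
    return "revoked" if serial in (full.revoked | delta.revoked) else "good"


# Constructed sample data: serial 202 is revoked after the full CRL was issued,
# so it appears only in the delta CRL published at hour 6.
FULL = CRL(this_update=0, next_update=24, revoked=frozenset({101}))
DELTA = CRL(this_update=6, next_update=12, revoked=frozenset({202}), base_this_update=0)


def compare(serial: int, now: int) -> dict:
    # Two relying parties checking the same certificate at the same time,
    # each following a different permitted method.
    return {
        "full_only": status_full_only(serial, FULL, now),
        "full_plus_delta": status_full_plus_delta(serial, FULL, DELTA, now),
    }


if __name__ == "__main__":
    for serial, now in [(202, 8), (101, 8), (202, 13)]:
        print(serial, now, compare(serial, now))
```
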