CDP in self signed root CA
We are building a certificate hierarchy with 4
(CA) layers. We want to include a CDP extension in every CA and end user
certificate. At the moment we have a discussion about the need for a CDP
extension in the Root CA. The argument against it is that it doesn't make sense
because there is no superior CA that can sign the CRL. The argument for a CDP
is that for performing a correct path validation the CRL for every CA
(including the Root CA) and end-user certificate should be validated.
I scanned through RFC 3280, but it doesn't say anything about it. Does
anybody have suggestions?
Greetings,
Erwan Smits