Massimiliano,
if am i right, then the easyest way to retreive the cert status form the
actual CRL.
You dont need to extand the schema, use only the valid CRL as the source
of the info.
But, in this case, the CA must issue a new crl after each revocation
immediately.
Adam
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On
Behalf Of Massimiliano Pala
Sent: Saturday, January 04, 2003 6:24 PM
To: ietf-pkix@xxxxxxx
Subject: OCSP and LDAP
Hi all,
it might be an old question but If you can not answer me I really don't
know
where to look... Here it is.
We are trying to rebuild our OCSPd backend and one of the possibilities
was
to use the LDAP server to store (besides the issued certificates)
informations
needed to the OCSPd to build the responses (i.e. at least the status of
the
certificates).
Are there RFCs/raccomandations that will help us in using a good schema
for storing this kind of informations and in not making big mistakes ?
Thank to you all for all the work you are doing.
--
C'you on the bit stream,
Massimiliano Pala
--o-----------------------------------------------------------------------
--
Massimiliano Pala [OpenCA Project Manager]
madwolf@xxxxxxxxxx
Tel.: +39 (0)59 270
094
http://www.openca.org Fax: +39 178 221
8225
http://openca.sourceforge.net Mobile: +39 (0)347 7222
365
Attachment:
smime.p7s
Description: S/MIME cryptographic signature