[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Current status of CRL validation ?

To: ietf-pkix@xxxxxxx
Subject: Re: Current status of CRL validation ?
From: "Julien Stern" <julien.stern@xxxxxxxxxxxxx>
Date: Tue, 23 Mar 2004 15:25:26 +0100
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i

Santosh,

thank again for your quick reply.

Two more little questions, and I'll (probably) stop bothering :)

1) According to what you said, a certificate could at the same time
be revoked or not revoked depending on your local policy (more
specifically depending on the path you choose) ? That seems pretty
weird... or did I misunderstood something ?

2) When I download a CRL, can I check it's signature by verifying the
path only ONCE ? Or do I have to do it each time I want to check a
certificate ? If say, two S/MIME clients, send me two certificates whose
revocation information are found in the same CRL, but with different
paths going to different trusted anchors, it seems to me that I have
to rebuild and recheck the path for the CRL each time ?

--
Julien

Follow-Ups:
- Re: Current status of CRL validation ?
  - From: Stephen Kent
- RE: Current status of CRL validation ?
  - From: Ambarish Malpani
- RE: Current status of CRL validation ?
  - From: Ambarish Malpani
- RE: Current status of CRL validation ?
  - From: Santosh Chokhani

References:
- Re: Current status of CRL validation ?
  - From: Julien Stern
- RE: Current status of CRL validation ?
  - From: Santosh Chokhani

Prev by Date: RE: Current status of CRL validation ?
Next by Date: RE: Current status of CRL validation ?
Previous by thread: RE: Current status of CRL validation ?
Next by thread: RE: Current status of CRL validation ?
Index(es):
- Date
- Thread