RE: Freshest CRL

["Stefan Santesson" <stefans@xxxxxxxxxxxxx>]

Just got a response from David Cooper explaining that X.509 was aligned with RFC 3280 in this issue by DR 278 and that it is now valid to use this as both Certificate and CRL extension in both specs.

 

So no reason to respond to this question any more.

 

/Stefan

---

From: Stefan Santesson
Sent: den 29 mars 2004 14:06
To: ietf-pkix@xxxxxxx
Subject: Freshest CRL

 

Is Freshest CRL supposed to be a Certificate extension or a CRL extension?

I have always believed that it was a CRL extension, as defined in RFC 3280 section 5.2.6:

 

 

5.2.6  Freshest CRL (a.k.a. Delta CRL Distribution Point)

 

   The freshest CRL extension identifies how delta CRL information for this complete CRL is obtained.

 

 

However,

 

In X.509, this extension is defined a s a certificate extension only in section 8.6.2.6

 

8.6.2.6     Freshest CRL extension

The freshest CRL extension shall be used only as a certificate extension and may be used in certificates issued to authorities as well as certificates issued to users. This field identifies the CRL to which a certificate user should refer to obtain the freshest revocation information (e.g.: latest dCRL). This field is defined as follows:

 

 

Which is correct?

 

 

Stefan Santesson

Program Manager, Windows Security