RE: CA Rekey and CRL Validation
> You are correct that absence of IDP does not necessarily mean
> that the CRL is complete for the CA. It means more.
> Absence of IDP means the CRL is complete for all certificates
> issued by all CAs that identify the CRL issuer in their
> public key certificates (including certificates issued by the
> CRL issuer). See X.509: "it is the responsibility of the CRL
> issuer to ensure that the CRL is complete in that it contains
> all revocation entries...from all authorities that identify
> this CRL issuer in their certificates."
Ack. Without an IDP, the CRL can't be indirect. I was still stuck in the
missing DP field mindset of a few days ago. Kindly ignore my post:-)