[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signer certificate discovery for CRLs

To: Denis Pinkas <Denis.Pinkas@xxxxxxxx>, Santosh Chokhani <chokhani@xxxxxxxxxxxx>
Subject: Re: Signer certificate discovery for CRLs
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Fri, 15 Oct 2004 14:50:17 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Denis:

I still wonder why you are making this restriction since LDAP is one of the only two methods that are supported in RFC 3280 to fetch certificates.

This is simply not true. When a GeneralName is used, the URI schemes ftp, http, and ldap are explicitly discussed for fetching certificates. When a GeneralName is rfc822name, email is discussed. And, the mailtoURI scheme is discussed for fetching CRLs.

The Directory Access Protocol (DAP) is also discussed.

Russ

Follow-Ups:
- Re: Signer certificate discovery for CRLs
  - From: Denis Pinkas

References:
- RE: Signer certificate discovery for CRLs
  - From: Santosh Chokhani
- Re: Signer certificate discovery for CRLs
  - From: Denis Pinkas

Prev by Date: Re: Signer certificate discovery for CRLs
Next by Date: Re: Signer certificate discovery for CRLs
Previous by thread: Re: Signer certificate discovery for CRLs
Next by thread: Re: Signer certificate discovery for CRLs
Index(es):
- Date
- Thread