[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signer certificate discovery for CRLs

To: Denis.Pinkas@xxxxxxxx
Subject: Re: Signer certificate discovery for CRLs
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Fri, 15 Oct 2004 14:55:14 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Denis:

If I understand you correctly, for whatever reason (which one ?), you only want to use HTTP. Then I would think the solution would be to use the following draft: draft-ietf-pkix-certstore-http-08 and make sure that it will be usable with the current AIA and SIA extensions to fetch CRL issuers certificates.

RFC 3280 specifies the inclusion of AIA and SIA in certificates. It is not specified for the inclusion in CRLs. I believe that the proposal is to write a specification for using AIA in CRLs.

The problem has been stated, and a proposed solution has been stated. If you do not think the problem really exists, please explain why this is the case. If you have another way to solve the stated problem, please share it.

Russ

Follow-Ups:
- Re: Signer certificate discovery for CRLs
  - From: Denis Pinkas

References:
- RE: Signer certificate discovery for CRLs
  - From: Santosh Chokhani
- Re: Signer certificate discovery for CRLs
  - From: Denis Pinkas

Prev by Date: Re: Signer certificate discovery for CRLs
Next by Date: RE: Signer certificate discovery for CRLs
Previous by thread: Re: Signer certificate discovery for CRLs
Next by thread: Re: Signer certificate discovery for CRLs
Index(es):
- Date
- Thread