[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signer certificate discovery for CRLs

To: Russ Housley <housley@xxxxxxxxxxxx>
Subject: Re: Signer certificate discovery for CRLs
From: Denis Pinkas <Denis.Pinkas@xxxxxxxx>
Date: Mon, 18 Oct 2004 10:04:33 +0200
Cc: Santosh Chokhani <chokhani@xxxxxxxxxxxx>, ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Organization: Bull SA.
References: <> <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

Russ,

Denis:

I still wonder why you are making this restriction since LDAP is one of the only two methods that are supported in RFC 3280 to fetch certificates.

This is simply not true. When a GeneralName is used, the URI schemes ftp, http, and ldap are explicitly discussed for fetching certificates. When a GeneralName is rfc822name, email is discussed. And, the mailtoURI scheme is discussed for fetching CRLs.

The Directory Access Protocol (DAP) is also discussed.

OK. DAP and LDAP.

Denis

Russ

References:
- RE: Signer certificate discovery for CRLs
  - From: Santosh Chokhani
- Re: Signer certificate discovery for CRLs
  - From: Denis Pinkas
- Re: Signer certificate discovery for CRLs
  - From: Russ Housley

Prev by Date: Re: Signer certificate discovery for CRLs
Next by Date: RE: Signer certificate discovery for CRLs
Previous by thread: Re: Signer certificate discovery for CRLs
Next by thread: Re: Signer certificate discovery for CRLs
Index(es):
- Date
- Thread