Re: Signer certificate discovery for CRLs
Peter,
>
> I think of the pointer as a URI. It could be an LDAP, HTTP or FTP pointer to a
> file that contains one or more certificates.
>
More specifically, for an LDAP URI it could point to the crossCertificatePair
attribute or the caCertificate attribute of a CA's directory entry; for an
HTTP URI or an FTP URI it could point to a cert-only CMS/PKCS#7 file (please
see section 3.6 of RFC 2633).

Both an LDAP attribute and a CMS/PKCS#7 file can contain multiple
certificates.
Wen-Cheng Wang
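
One way a relying party could check a signer-certificate pointer before dereferencing it, following the URI forms described in the message above. This is an added example, not code from the thread; the function name, host names and the `.p7c` file name are assumptions, and the LDAP URL layout follows RFC 2255.

```python
from urllib.parse import urlsplit, unquote

# The two directory attributes named in the message above (compared case-insensitively).
LDAP_CERT_ATTRS = {"cacertificate", "crosscertificatepair"}

def classify_signer_pointer(uri):
    """Return (payload_kind, detail) for a signer-certificate pointer URI.

    Raises ValueError for anything other than the LDAP, HTTP and FTP forms
    described above, so the caller never fetches an unexpected resource.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "http", "ftp"):
        raise ValueError("unsupported scheme: " + repr(scheme))
    if not parts.hostname:
        raise ValueError("pointer must name a host")
    if scheme == "ldap":
        # LDAP URL layout (RFC 2255): ldap://host/dn?attributes?scope?filter
        dn = unquote(parts.path.lstrip("/"))
        attr_field = parts.query.split("?")[0]
        attrs = [unquote(a) for a in attr_field.split(",") if a]
        if not dn or not attrs:
            raise ValueError("LDAP pointer needs an entry DN and an attribute")
        for attr in attrs:
            # Drop options such as ";binary" before comparing the attribute type.
            if attr.split(";")[0].lower() not in LDAP_CERT_ATTRS:
                raise ValueError("unexpected LDAP attribute: " + attr)
        return ("ldap-attribute", (dn, attrs))
    # HTTP or FTP: the response is expected to be a certs-only CMS/PKCS#7 file.
    if not parts.path.strip("/"):
        raise ValueError("pointer must name a file")
    return ("certs-only-pkcs7", parts.path)

# Constructed sample pointers (hypothetical hosts and entries).
SAMPLES = [
    "ldap://ldap.example.com/cn=Example%20CA,o=Example?cACertificate;binary?base",
    "http://pki.example.com/ca/signer.p7c",
    "ldap://ldap.example.com/cn=Example%20CA,o=Example?userPassword",
    "file:///etc/passwd",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(sample, "->", classify_signer_pointer(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Whichever form is accepted, the fetched payload may hold several certificates, so the caller still has to select the one whose key verifies the CRL signature.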