[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: The Meaning of Hold

To: "Meggison, Tim" <Meggison.Tim@xxxxxxxxxxxxxxxxxx>
Subject: RE: The Meaning of Hold
From: Chris Harman <charman@xxxxxxx>
Date: Thu, 12 Dec 1996 08:18:16 -0700
Cc: <ietf-pkix@xxxxxxxxxx>

At 07:32 AM 12/12/96 -0500, Meggison, Tim wrote:
>How does hold work with delta CRLs?
>
>If a certificate is given a hold status on a delta CRL, and that hold
>status applies over the generation of many delta CRLs, then it seems the
>certificate must be contained on all subsequent delta CRLs.  If not,
>then how would one know that the hold is still in effect?

There's a CRLReason code of removeFromCRL in the reasonCode CRL entry
extension. The hold status applies until a future delta CRL specifically
removes it (or changes it to a revocation of some sort).  Take a look at
clause 12.5.2.2 of X.509.

Chris
--
Chris Harman              charman@pgp.com
Pretty Good Privacy, Inc.
Phone: (602) 944-0773     Fax: (602) 943-2601

Prev by Date: RE: The Meaning of Hold
Next by Date: PKIX meeting minutes
Previous by thread: RE: The Meaning of Hold
Next by thread: Re: The Meaning of Hold
Index(es):
- Date
- Thread