
Re: RE: Security section of draft-ietf-pkix-opp-ftp-http



> From: Mike Smith <mfsmith@zionsbank.com>
> 
> Isn't the off-schedule CRL considered a delta-CRL (even if it
> contains the complete set of records)?  If so, then doesn't the reply
> also have to include the last "full" CRL produced in its response as
> well?


Nope and nope.  A delta CRL will have the deltaCRLIndicator extension
present.  The extension contains the BaseCRLNumber to which the delta
applies.  A CRL without the extension is not a delta CRL.

If a full base CRL had to be transmitted along with every delta CRL,
then there would be no reason to use delta CRLs.  The assumption is
that the verifier already has a locally-cached copy of the base CRL,
or is responsible for fetching it separately.
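As an added illustration of the reply's point (not code from the thread or from the PKIX working group): a CRL is a delta CRL exactly when it carries the deltaCRLIndicator extension, and the verifier combines it with a base CRL it already holds rather than expecting the base in the same response. The example below uses the Python `cryptography` library (assumed installed) to build a base CRL, an off-schedule complete CRL, and a real delta CRL for a constructed issuer with constructed serial numbers, then classifies each and applies the delta to the cached base. The combination check (base cRLNumber at least BaseCRLNumber and below the delta's cRLNumber) is the RFC 5280 section 5.2.4 rule; removeFromCRL handling is left out.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

# Fixed timestamp so the example is reproducible (constructed value).
NOW = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)


def build_crl(key, issuer, crl_number, serials=(), base_crl_number=None):
    """Sign a CRL listing `serials`. Only when base_crl_number is given is the
    deltaCRLIndicator extension (RFC 5280 5.2.4) added; that extension, not
    the schedule or the record count, is what makes the result a delta CRL."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer)
        .last_update(NOW)
        .next_update(NOW + datetime.timedelta(days=7))
        .add_extension(x509.CRLNumber(crl_number), critical=False)
    )
    if base_crl_number is not None:
        # RFC 5280 requires deltaCRLIndicator to be marked critical.
        builder = builder.add_extension(
            x509.DeltaCRLIndicator(base_crl_number), critical=True)
    for serial in serials:
        revoked = (x509.RevokedCertificateBuilder()
                   .serial_number(serial).revocation_date(NOW).build())
        builder = builder.add_revoked_certificate(revoked)
    return builder.sign(key, hashes.SHA256())


def crl_number(crl):
    """The cRLNumber extension value of a CRL."""
    return crl.extensions.get_extension_for_oid(
        ExtensionOID.CRL_NUMBER).value.crl_number


def classify(crl):
    """('delta', BaseCRLNumber) if deltaCRLIndicator is present, else
    ('full', None). Nothing else about the CRL decides this."""
    try:
        ext = crl.extensions.get_extension_for_oid(
            ExtensionOID.DELTA_CRL_INDICATOR)
    except x509.ExtensionNotFound:
        return ("full", None)
    return ("delta", ext.value.crl_number)


def combine(cached_base, delta):
    """Apply a delta CRL to a locally cached complete CRL and return the set
    of revoked serials. The base is never fetched here: the verifier is
    expected to already hold it. removeFromCRL entries are not handled."""
    kind, base_number = classify(delta)
    if kind != "delta":
        raise ValueError("not a delta CRL: deltaCRLIndicator absent")
    if classify(cached_base)[0] != "full":
        raise ValueError("cached CRL is itself a delta, not a complete CRL")
    if delta.issuer != cached_base.issuer:
        raise ValueError("delta and base CRL have different issuers")
    # RFC 5280 5.2.4: BaseCRLNumber <= base cRLNumber < delta cRLNumber.
    if not (base_number <= crl_number(cached_base) < crl_number(delta)):
        raise ValueError("cached base CRL %d cannot take a delta with "
                         "BaseCRLNumber %d" % (crl_number(cached_base),
                                               base_number))
    return ({rc.serial_number for rc in cached_base}
            | {rc.serial_number for rc in delta})


def demo():
    """Build constructed sample CRLs and exercise classify() and combine()."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])
    base = build_crl(key, issuer, crl_number=5, serials=[1, 2])
    # Off-schedule but complete: no deltaCRLIndicator, so it is a full CRL.
    off_schedule = build_crl(key, issuer, crl_number=6, serials=[1, 2, 3])
    # A delta against base number 5, carrying only the new revocation.
    delta = build_crl(key, issuer, crl_number=6, serials=[3], base_crl_number=5)
    # A delta whose base (7) the verifier does not hold: must be refused.
    stale_delta = build_crl(key, issuer, crl_number=8, serials=[4],
                            base_crl_number=7)
    try:
        combine(base, stale_delta)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {
        "off_schedule": classify(off_schedule),
        "delta": classify(delta),
        "merged": combine(base, delta),
        "stale_rejected": stale_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` classifies the off-schedule CRL as full, the second as a delta over base 5, merges the delta into the cached base to give serials {1, 2, 3}, and refuses the delta whose BaseCRLNumber the verifier has no base for.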