Comment on PKIX-1 - cRLSign
Section 4.2.1.3, Key Usage, includes a paragraph on page 25 describing
the cRLSign bit, "This bit may only be asserted in CA certificates."
The draft OpenCDP includes an extension, REVOCATION ISSUER EXTENSION,
used by a CA to indicate that it has delegated authority to one or more
other entities to issue and sign CRLs or sign OCSP responses on its
behalf. Additionally, the ill-fated issuingDistributionPoint extension
allowed a CRL issuer other than a CA.
I suggest the statement on page 25 be removed.
--
David Simonetti, Booz·Allen & Hamilton Inc.
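Added example, not part of the message above: the post argues that a CRL may legitimately be signed by an entity other than a CA, so here is what a delegated CRL issuer looks like in practice and how a validator that applies the "CA certificates only" rule treats it. The Go standard library's crypto/x509 is used: CreateRevocationList will happily sign a CRL with an end-entity certificate that carries cRLSign, but RevocationList.CheckSignatureFrom rejects a signer whose basicConstraints say cA=FALSE before it looks at the signature. All names ("Hypothetical Root CA", "Hypothetical Delegated CRL Issuer"), keys and the empty CRL are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// PKI is a constructed test hierarchy: a self-signed CA plus a delegated CRL
// issuer whose certificate is an end entity (cA=FALSE) carrying only cRLSign.
type PKI struct {
	CA        *x509.Certificate
	CRLIssuer *x509.Certificate
	CRLDER    []byte // DER CRL signed by CRLIssuer's key, not the CA's
}

// must panics on fixture-construction errors; the fixture is deterministic
// apart from key generation, so any error here is a programming bug.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Build creates the CA, the delegated issuer certificate and a CRL signed with
// the delegated issuer's key. Go's CreateRevocationList only requires cRLSign
// and a subjectKeyIdentifier on the signer, so the non-CA issuer is accepted.
func Build() *PKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	issKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()

	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Hypothetical Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))

	// Go auto-generates subjectKeyIdentifier only for CA templates, and
	// CreateRevocationList insists on one, so derive it for the non-CA issuer.
	ski := sha1.Sum(must(x509.MarshalPKIXPublicKey(&issKey.PublicKey)))
	issTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               pkix.Name{CommonName: "Hypothetical Delegated CRL Issuer"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  false, // an end entity, not a CA
		BasicConstraintsValid: true,  // emit basicConstraints with cA=FALSE
		KeyUsage:              x509.KeyUsageCRLSign,
		SubjectKeyId:          ski[:],
	}
	iss := must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, issTmpl, ca, &issKey.PublicKey, caKey))))

	// An empty CRL is enough to exercise the signer checks.
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now,
		NextUpdate: now.Add(12 * time.Hour),
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, crlTmpl, iss, issKey))
	return &PKI{CA: ca, CRLIssuer: iss, CRLDER: crlDER}
}

// IssuerFlags reports the two properties the thread is about: whether the
// certificate is a CA and whether it asserts cRLSign.
func IssuerFlags(c *x509.Certificate) (isCA, hasCRLSign bool) {
	return c.IsCA, c.KeyUsage&x509.KeyUsageCRLSign != 0
}

// RawSignatureValid checks only the signature over the TBS CRL, ignoring
// every certificate-level constraint on the signer.
func RawSignatureValid(crlDER []byte, signer *x509.Certificate) error {
	crl := must(x509.ParseRevocationList(crlDER))
	return signer.CheckSignature(crl.SignatureAlgorithm, crl.RawTBSRevocationList, crl.Signature)
}

// ValidateCRL is the full check: CheckSignatureFrom applies the "CA only"
// rule (basicConstraints cA=TRUE plus cRLSign) before verifying the signature.
func ValidateCRL(crlDER []byte, signer *x509.Certificate) error {
	return must(x509.ParseRevocationList(crlDER)).CheckSignatureFrom(signer)
}

// IsConstraintViolation separates "signer not permitted" from "bad signature".
func IsConstraintViolation(err error) bool {
	var cv x509.ConstraintViolationError
	return errors.As(err, &cv)
}

func main() {
	p := Build()
	isCA, crlSign := IssuerFlags(p.CRLIssuer)
	fmt.Printf("CRL issuer: cA=%v cRLSign=%v\n", isCA, crlSign)
	fmt.Printf("raw signature check: %v\n", RawSignatureValid(p.CRLDER, p.CRLIssuer))
	err := ValidateCRL(p.CRLDER, p.CRLIssuer)
	fmt.Printf("full validation: %v (constraint violation: %v)\n", err, IsConstraintViolation(err))
}
```

The raw signature verifies, so cryptographically the delegated issuer did sign the CRL; it is only the cA=FALSE check that fails. Anyone deploying an indirect CRL issuer that is not itself a CA should expect validators built on this rule to reject its CRLs, and should either issue the delegated certificate as a CA or confirm that the relying parties' validators accept a non-CA CRL signer.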