directory enabled certificate status draft

[Alan Lloyd <Alan.Lloyd@xxxxxxxxxxxxxxxxxxxx>]

Dear all, 
I have put together a draft doc - 12 or so pages re this issue. I posted
the request to the IETF drafts list this AM . but due to meetings they
will process sometime soon.

The abstract is as follows:


                 <draft-ietf-pkix-dir-cert-stat-01.txt>


This Internet Draft specifies some proposed enhancements to the X.500
information schema and matching rules to support Certificate path
processing, certificate status and CRL mechanisms.  These enhancements
provide advantages over existing Certificate validation and CRL
mechanisms.  In particular, the mechanisms proposed can:

(a) reduce the need for unnecessarily fetching CRLs; 
(b) allow certificate status-CRL evaluation time to be improved;
(c) provide a directory supported certificate test and fetch capability;
(d) better support use of certificates in multiple environments with 
	different CRL arrangements.
(e) simplify the client software in the areas of certificate path,
certificate validity and CRL processing.
(f) provide the client a range of trust options when validating
certificates.
(g) provide a range of implementation options so that gradual adoption
is possible.


..

I would like some co authors to assist if possible - and advice re
posting the document to the list.

The document if adopted will affect the X.509 profile.

please advise and regards alan