[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A question and comment about PKIX - Part 1, Version 11.

To: Allen_Rochkind@xxxxxxxx
Subject: Re: A question and comment about PKIX - Part 1, Version 11.
From: Russ Housley <housley@xxxxxxxxxx>
Date: Tue, 29 Sep 1998 13:30:03 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
Sender: owner-ietf-pkix@xxxxxxx

Allen:

It means that the data in the CRL cannot be used to validate any
certificates.  Another source of revocation information must be used.

Russ


At 02:55 PM 9/28/98 -0700, Allen_Rochkind@3com.com wrote:
>First the question.   In Section 5.2 "CRL Extensions", p. 46, it says:
>
>     "A CRL validation MUST fail if it encounters a critical extension
>which it does not know how to process".
>
>My question is exactly what does it means that a "CRL validation fails"?.
>Does this mean that the CRL is to be ignored and that any certificates that
>might appear on the CRL are not invalidated by the CRL?.  I would suppose
>it is that interpretation rather than that a certificate validation fails
>if such a CRL is encountered.
>
>And now a minor comment.  I notice that RFC 2044 (on UTF8 strings) has been
>obsoleted by RFC 2279.  The comment is just to update the RFC reference in
>the spec in Appendix A.1 under UTF8String (p.69).
>
>
>

References:
- A question and comment about PKIX - Part 1, Version 11.
  - From: Allen_Rochkind

Prev by Date: Protocol Action: Internet X.509 Public Key Infrastructure Certificate and CRL Profile to Proposed Standard
Next by Date: Re: NEW Data type for certificate selection ?
Previous by thread: Re: A question and comment about PKIX - Part 1, Version 11.
Next by thread: Protocol Action: Internet X.509 Public Key Infrastructure Certificate and CRL Profile to Proposed Standard
Index(es):
- Date
- Thread