
RE: Usage of CRL Issuing Distribution Point



From reading the docs, I don't get the impression that CDP and IDP
explicitly exclude the use of other attributes.  I take this to (implicitly)
imply that other attributes CAN be used to partition CRL's. Is this too big
of a leap of faith to make? 

Partitioning a CRL by serialNumber sounds very reasonable to me.  So does
partitioning a CRL by some extension value which may be present in all certs
issued by a particular CA.  Why not partition a CRL by using the notBefore
validity date on the cert?  Or, perhaps the CA keeps an internal counter and
creates a new partition for every 20 certs it issues.  In an extreme case,
you may want each cert to have its own CRL partition.

If CDP's and IDP's are being used properly, (i.e. they are present in all
certs and CRL's issued by a CA) then what difference does it make as to how
the partitions were created?  

Alex

> -----Original Message-----
> From: Trevor Freeman [mailto:trevorf@microsoft.com]
> Sent: Friday, February 12, 1999 12:47 PM
> To: 'Alex Deacon'
> Cc: 'ietf-pkix@imc.org'
> Subject: RE: Usage of CRL Issuing Distribution Point
> 
> 
> What extensions in these documents provide for other attributes to be used
> to partition CRLs? 
> -----Original Message-----
> From: Alex Deacon [mailto:alex@verisign.com]
> Sent: Friday, February 12, 1999 12:40 PM
> To: Trevor Freeman
> Cc: 'ietf-pkix@imc.org'
> Subject: RE: Usage of CRL Issuing Distribution Point
> 
> 
> Trevor, 
> 
> Could you specify what document states that it is not permitted for CRL's to
> be partitioned on the basis of other attributes such as serial number?  I
> can't recall ever seeing such a statement in either PKIX Part 1 or X.509.
> 
> Thanks
> Alex
>
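
Added example (not part of the original thread, and not code from any PKIX implementation): a simplified model of the point argued in the message above, that the rule used to create partitions is invisible to the relying party as long as each certificate's CDP and each CRL's IDP agree. Certificates and CRLs are plain dicts, CDP/IDP matching is reduced to equality of a single URI, and every name, URL and sample value is constructed.

```python
from collections import defaultdict

BASE = "http://crl.example.test/"   # placeholder URL, not from the thread

# Two of the partitioning rules floated in the message; function names are hypothetical.
def by_issue_counter(cert, size=20):
    return f"counter-{cert['seq'] // size}"      # new partition every 20 certs

def by_not_before(cert):
    return f"issued-{cert['not_before'][:7]}"    # one partition per notBefore month

def issue(certs, rule):
    """CA side: stamp each cert with a CDP and build one CRL per partition."""
    crls = defaultdict(lambda: {"revoked": set()})
    for c in certs:
        c["cdp"] = BASE + rule(c) + ".crl"
        crl = crls[c["cdp"]]
        crl["idp"] = c["cdp"]                    # the CRL states its own scope
        if c["revoked"]:
            crl["revoked"].add(c["serial"])
    return dict(crls)

def check(cert, crl):
    """Relying-party side: scope test first, then the serial lookup."""
    if crl["idp"] != cert["cdp"]:
        return "out-of-scope"                    # this CRL says nothing about this cert
    return "revoked" if cert["serial"] in crl["revoked"] else "good"

def check_ignoring_idp(cert, crl):
    """Failure mode: serial lookup with no scope test."""
    return "revoked" if cert["serial"] in crl["revoked"] else "good"

def make_certs():
    # Constructed sample: 45 certs, serial = 1000 + seq, seq 3 and 41 revoked.
    return [{"seq": i, "serial": 1000 + i,
             "not_before": "1999-01-15" if i < 30 else "1999-02-10",
             "revoked": i in (3, 41)} for i in range(45)]

if __name__ == "__main__":
    for rule in (by_issue_counter, by_not_before):
        certs = make_certs()
        crls = issue(certs, rule)
        # The relying party never calls `rule`; it only follows cert["cdp"].
        results = {c["serial"]: check(c, crls[c["cdp"]]) for c in certs}
        print(rule.__name__, len(crls), "partitions,",
              sorted(s for s, r in results.items() if r == "revoked"))
    wrong = crls[BASE + "issued-1999-02.crl"]    # a partition that does not cover cert 3
    print(check(certs[3], wrong), check_ignoring_idp(certs[3], wrong))
```

The last line shows why the IDP has to be present and checked: a CRL from a partition that does not cover the certificate reports a revoked certificate as good when its scope is ignored.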