[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Usage of CRL Issuing Distribution Point

To: Trevor Freeman <trevorf@xxxxxxxxxxxxx>
Subject: RE: Usage of CRL Issuing Distribution Point
From: Stephen Kent <kent@xxxxxxx>
Date: Tue, 16 Feb 1999 10:46:05 -0500
Cc: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Trevor,

I am puzzled by your statements. It is true that CRLs have some facilities
to explicitly mark which classes of certs may be contrained in them, e.g.,
only CA certs or only some revocation reason codes.  However, there is no
prohibition
against round robin assignment of certs to different CRLs through the use
of the CRL distribution point extension.  In fact, that would seem to be a
major feature of this extension.  Perhaps you are raising the question of
how one ought to note, in the CRL itself, that only a subset of certs
(e.g., partiitioned by serial number) are contained in a given CRL.

Steve

References:
- RE: Usage of CRL Issuing Distribution Point
  - From: Trevor Freeman

Prev by Date: RE: Finding PKIX Servers!
Next by Date: Re: Finding PKIX Servers!
Previous by thread: Re: Usage of CRL Issuing Distribution Point
Next by thread: RE: Usage of CRL Issuing Distribution Point
Index(es):
- Date
- Thread