Re: cRLIssuer names and management domain correlation
Peter,
I would assume either the default case in which the CA must have signed the
CRL, or must have issued a cert (directly) to an entity who signed the CRL
and that cert should have the keyusage restriction extension set to
indicate that the key in question is to be used only for CRL signing (and I
would mark this extension critical). In either case, it then is apparent
that the entity signing the CRL has been authorized to do so by the CA who
issued the cert with the CDP extension.
Steve
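
The authorization rule described in the message above, as an added example that is not part of the original post: a check that the CRL signing key is either the CA's own key or is certified directly by that CA with a critical keyUsage limited to CRL signing. The `Cert` record, its field names, and the sample certificates are constructed for illustration; signature verification is assumed to have happened already, and treating criticality as mandatory is a choice made here.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (not a real parser)."""
    subject: str
    issuer: str
    key_id: str                          # identifies the certified public key
    key_usage: frozenset = frozenset()   # e.g. {"cRLSign"}
    key_usage_critical: bool = False

def crl_signer_authorized(ca: Cert, crl_key_id: str,
                          signer: Optional[Cert] = None,
                          require_critical: bool = True) -> Tuple[bool, str]:
    """Decide whether the key that signed a CRL was authorized by `ca`,
    the CA that issued the certificate carrying the CDP extension.
    Signature verification itself is assumed to have been done already."""
    # Default case: the CA signed the CRL with its own key.
    if crl_key_id == ca.key_id:
        return True, "signed by the CA itself"
    if signer is None or signer.key_id != crl_key_id:
        return False, "no certificate for the CRL signing key"
    # Delegated case: the CA must have issued the signer's cert directly.
    if signer.issuer != ca.subject:
        return False, "signer cert not issued directly by the CA"
    # The key must be restricted to CRL signing and nothing else.
    if signer.key_usage != frozenset({"cRLSign"}):
        return False, "keyUsage is not restricted to cRLSign"
    if require_critical and not signer.key_usage_critical:
        return False, "keyUsage extension not marked critical"
    return True, "delegated CRL signer authorized by the CA"

# Constructed sample certificates.
CA = Cert("CN=Example CA", "CN=Example CA", "ca-key",
          frozenset({"keyCertSign", "cRLSign"}), True)
GOOD = Cert("CN=CRL Signer", "CN=Example CA", "crl-key", frozenset({"cRLSign"}), True)
BROAD = Cert("CN=CRL Signer", "CN=Example CA", "crl-key",
             frozenset({"cRLSign", "digitalSignature"}), True)
INDIRECT = Cert("CN=CRL Signer", "CN=Other CA", "crl-key", frozenset({"cRLSign"}), True)
NONCRIT = Cert("CN=CRL Signer", "CN=Example CA", "crl-key", frozenset({"cRLSign"}), False)

if __name__ == "__main__":
    for name, cert in [("good", GOOD), ("broad", BROAD),
                       ("indirect", INDIRECT), ("noncrit", NONCRIT)]:
        print(name, crl_signer_authorized(CA, "crl-key", cert))
```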