[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with RFC 2459?

To: <ietf-pkix@xxxxxxx>
Subject: Problem with RFC 2459?
From: "Ambarish Malpani" <ambarish@xxxxxxxxxxxx>
Date: Thu, 3 Jun 1999 11:48:59 -0700
Importance: Normal
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Hi Folks,
    Have a quick question about RFC 2459 and CRLDPs.

If a CA issues both full CRLs and CRLDPs (which are partitioned
based on the serial number of the cert), how can an application
figure out whether it has the full CRL or a DP?

I know a DP (if it is not the full CRL), must contain the Issuing
Distribution Point (IDP) extension. However, I believe most CAs
are putting the IDP extension within their full CRLs also. So,
is there any way for a application to figure out whether it has
the full CRL or just a DP?

Regards,
Ambarish


---------------------------------------------------------------------
Ambarish Malpani
Architect					         650.567.5457
ValiCert, Inc.				        ambarish@valicert.com
1215 Terra Bella Ave.		              http://www.valicert.com
Mountain View, CA 94043-1833

Follow-Ups:
- Re: Problem with RFC 2459?
  - From: Russ Housley

Prev by Date: pki
Next by Date: Re: Every time ..., was Re: General formula
Previous by thread: pki
Next by thread: Re: Problem with RFC 2459?
Index(es):
- Date
- Thread