Re: certificate which has both AIA and CRL DPs

[Russ Housley <housley@xxxxxxxxxx>]

Hiroyuki:

Answer 1:  Yes, a certificate can contain both a CRL Distribution Point 
(CRLDP) extension and an Authority Information Access (AIA) extension.

Answer 2:  Precedence is not specified.  The client may either fetch the 
CRLs or use OCSP to determine whether or not the certificate is revoked.

Russ


At 11:47 AM 12/8/99 +0900, Hiroyuki Sakakibara wrote:
> Hello
>
> I would like to generate a certificate which has
> both AIA and CRL DPs.
>
> Question1 : In RFC2459 specification, is this
>                     certificate legal or illegal ?
>
> Question2 : If this certificate is legal, how does it describe the
>                      order of priority to process those extensions?
>
> For example,
> ------------------------------------------------
> 1st.                        OCSP server-1
> 2nd.                       OCSP server-2
> 3rd.                       CRL DP-1
> 4th.                        CRL DP-2
>
> or
>
> 1st.                        OCSP server-1
> 2nd.                       CRL DP-1
> 3rd.                        OCSP server-2
> 4th.                        CRL DP-2
>
> etc ...
> ------------------------------------------------
>
> Is a new extension(or any scheme) which describes the
> list of these priorities needed?
>
> like this
>
> LIST  {
> 1st    use AIA's 1st element,
> 2nd   use CRL DPs 1st element,
> 3rd    use "other method",
> 4th    use  AIA's 2nd element,
> 5th    use  CRL DPs 2nd element,
> etc ...
> }
>
> Please, can anyone help?
>
> Hioryuki Sakakibara
>
> =========================================
> Hiroyuki Sakakibara
> Research Engineer
> Information Security Department
> Mitsubishi Electric Corporation
> Information Technology R&D Center
> 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501, Japan
> PHONE: +81-467-41-2183
> FAX: +81-467-41-2185
> ==========================================